30+ days ago - req23082

Senior Security Architect

Research & development

Other technical job categories

In a nutshell

Location

Veldhoven, Netherlands

Team

Research & development

Experience

8+ years

Degree

Master

Job Category

Other technical job categories

Travel

No

Introduction

ASML is the largest supplier in the world of photolithography systems for the semiconductor industry and manufactures machines for the production of integrated circuits. It is a heavily R&D driven company, and as such, it is critical that we properly safeguard our intellectual property.

All R&D is performed to deliver products to our customers (whether in physical or software only form). Changing threat and risk horizons require us to further improve on product security focusing on cyber securityand information security resilience in respectively products and product intellectual property.

Job Mission

The senior security architect is responsible for assuring the business develops their products within ASML cyber and information security risk appetite by developing, maintaining, and improving cross-product reference architecture in alignment with ASML risk appetite, product security policy framework, and business needs.

Job Description

  • Responsible for development, maintenance, and improvement of the cross-product security reference architecture in close cooperation with the product security focus group lead/ enterprise product security architect, and other colleague security architects;
  • Responsible for development, maintenance, and improvement of product security design patterns and integration of these in business/ product development processes;
  • Alignment of cross-product security reference architecture with product security policy framework;
  • Execute product security control and risk assessments and drive mitigation in product development processes;
  • Responsible for registering and maintaining product security risks and exceptions in respective R&D registers;
  • Execution and coordination in product security incident, risk, and exception management processes;
  • Capable to design and to support in design ofsolution architecture -including technical and operational aspects- for product security services;
  • Support business line programs, product architects, and engineers in solution architecture, design and implementation of security requirements in products and services;
  • Participate in and contribute to security awareness, training, and education activities for specialized topics such as secure software development, product security services, and product security way of working;
  • Responsible for development, maintenance, and improvement product security policy framework, policies, standards, benchmarks, guidelines, security processes, and assessment tooling; and organizational embedding of these in business/ product development processes;
  • Contribute to the maturity of the product security technical competence;
  • Remain oversight, manage dependencies and integration aspects, and assure cross-product security architecture is consistent across products.

    Education

Bachelor/ master degree or equivalent combination of education and experience.

Experience

  • Minimum of 10 years of relevant experience in IT security, OT security and information security risk management;
  • Proven strong IT and software architecture knowledge and background;
  • Proven experience with risk management frameworks such as ISO 27001;
  • Vendor agnostic expertise of IT/ software architecture;
  • Knowledge of open source software;
  • Experience in Linux environments;
  • Proven up-to-date experience with vulnerability scanning and/ or penetration testing;
  • Pre: proven experience in security software development and secure programming;
  • Pre: Experience with certificates and encryption techniques.
  • Pre: Knowledge of virtualization and containerization technologies such as VMware, Kubernetes and Docker.
  • Generic security certifications like CISSP, and CISM;
  • Specialized security architecture certifications like TOGAF9, SABSA, CISSP-ISSAP, and GDSA.

Personal skills

  • Skill to lead, influence, and negotiate without authority;
  • An business enabling security attitude in opposite to a business disabling one;
  • Strong analytical skills in combination with common sense;
  • Ability to translate risks, threats, and vulnerabilities to business stakeholder level and to drive risk mitigation, dealing with resistance and risk appetite;
  • Pro-active and self-motivated attitude;
  • Political aware and sensitive;
  • Fluent English (written and verbal);
  • Team player;
  • Strong communication and presentation skills;
  • Drive to retrieve the root cause of the problem.

    Context of the position

The senior security architect is positioned within the Information Management, R&D Security Risk Management department which is part ofDevelopment & Engineering business function. The senior security architect will functionally report to the Product Security focus group lead and hierarchically to the R&D sector security risk manager.

Other information

You are based in Veldhoven, the Netherlands. You will be employed in the R&D Security Risk Management (SRM) team which is part of the Development and Engineering Information Management department.

You are a member of the ASML Security community; collaborating also together with Security Risk Managers in other sectors.