IT-Application Security Specialist
Computer Science & Software Engineering
In a nutshell
Do you have a passion for application security? Do you wish to have an impact on how we conduct security assessments? Then we would like to talk to you!
As a Specialist in Application Security you will be part of the IT Application Security team in and work together with about 18 of your colleagues in IT security. You will be responsible for conducting detailed security assessments on new and existing applications and IT services within ASML, assisting and advising projects on security-related questions, and helping drive the security improvements for ASML. You will be interacting with stakeholders on different levels in IT, but also within ASML sectors.
SAP technology plays an important role in the security assessments. Experience with a wide range of SAP applications will be a plus in this role.
As an application security specialist you will be responsible for:
- Improving and maintaining an Application Security Register; managing and following up on security assessment findings*1.
- Keep track of follow up actions and deliver management reporting.
- Perform project intake assessments in cooperation with the Project Security officer.
- Represent, on occasion, IT security in IT project and intake boards where required.
- Assess IT security exception requests on validity and provide advice to the team lead application security and business stakeholder for acceptance or rejection including advice on additional security controls.
- Assessing applications and systems to be implemented or actual implementations based on assessments of high and low level designs, interviews and/or testing.
- Translating assessment results into an Information Security Specification (Security plan for service).
- Communicate observations to the relevant stakeholders, advise on mitigation and follow up on actions.
- Performing detailed security assessments on applications and IT services;
- Adding information to the different security registers from BIAs, TVAs, penetration/security tests, vulnerability scans, exceptions and other sources;
- Report on progress and deliver management reports;
- Improve procedures to keep the security registers and application registers up to date;
- Advise on security improvements and additional controls.
- Assess IT security exception requests.
*1 The security finding register contains all security assessment findings and risks that are reported within IT Security, and is used
- Academic qualifications are an advantage, but not a substitute for professional experience;
- Valid industry certifications such as the Certified Information Systems Security Professional (CISSP) are a plus;
- Experience in ISO 27001, NIST-800 or equivalent is a plus;
- Min 4+ years professional experience with a focus on IT applications / information security, risk and compliance;
- Experience in executing Threat and Vulnerability Analysis (TVA) or IT security risk assessments on IT services and applications;
- Experience with a wide range of SAP applications is a plus (no authorization management)
- Experience in collecting information through research and interviews;
- Excellent English communication and presentation skills. Command of the Dutch language is a plus;
- Good working knowledge of Office suite applications like Excel and SharePoint;
- Excellent verbal and written communication skills;
- Highly motivated, with a strong work ethic and able to work effectively under minimal supervision.
To attract and retain the best people, we have a competitive employment conditions package, including:
- Fixed 13th month;
- Attractive profit scheme; 5 year average (2017): 16.4%;
- 27 holidays and 13 additional free days.
ASML creates the conditions that enable you to realize your full potential. We provide state-of-the-art facilities, opportunities to develop your talents, international career opportunities, a stimulating and inspiring environment, and most of all, the dedication of a company that recognizes and rewards extraordinary performance.