The security department is part of SPW Digital and its mission is to ensure IT security. It oversees various topics such as Governance Risk Compliance (GRC), solution security, security architecture, vulnerability management, and operational security.

The security department is seeking to add support to fill the role of Application Security Specialist (projects and maintenance). The assignment is planned for an initial order of 220 days but may be subject to renewals depending on the context.

On-site presence (Namur) is required, but teleworking is possible up to 50% (maximum).

Mission:

The consultant will be required to carry out the following activities in particular:

• Operationalize (technically) the concept of Security by design/default in its four components: Availability of applications and underlying systems, Integrity (non-alteration) of data, Confidentiality (non-disclosure) of data and processing, and finally Traceability of actions performed on the Information System;
• Ensure proper identification of security needs for all components of a solution based on the expressed needs, the Information Systems Security Policy, and best practices;
• Assist architects in the design of secure solution components, taking into account the SPW and application context, and the technologies available on the market;
• Perform security analyses for digital projects;
• Verify the application of security requirements, including security testing scenarios. Ensure that tests are conducted before any production deployment;
• Provide security support in specific areas of expertise;
• Depending on priorities, any other activities related to IT security.

Main skills:

You have sufficient knowledge and mastery in the fields of activity, technical standards, methodologies, reference frameworks of best practices, and technological tools necessary for the role described in this document, and also:

• The components of a large-scale information system, such as that of SPW. You can explain how they are organized, their utility, and identify their potential contributions or weaknesses in terms of security;
• You have knowledge of security aspects surrounding application, web, and cloud domains and are able to identify the inherent risks;
• Good knowledge of the role and activities of the various technical stakeholders (developer, architect, quality, systems/networks engineer, analyst, project manager, etc.) in software development;
• Good verbal and written communication skills, particularly in making complex topics accessible.

Main expected qualities:

• Assertiveness and ability to take initiative;
• Very good communicator, client and results oriented;
• Positive and supportive attitude, active listening.

Evaluation method:

The evaluation will involve an interview during which questions and/or case scenarios related to the mission description will be used.

This interview will take place during the week of October 6 to 10.