Cryptography & Security Specialist

• Giving advice on which cryptographic tools/products to use and how to embed these in the environment.
  
• Giving advice on which form of encryption best fits the environment, taking into account different factors, i.e., the classification of the data.
  
• Keeping your knowledge up-to-date, especially in the cryptographic domain.
  
• Setting up and monitoring governance and (co-) setting up processes and monitoring of these processes.
  
• Performing project intake assessments in cooperation with the Project Security Officer.
  
• Assessing applications and systems to be implemented or actual implementations based on assessments of high- and low-level designs, interviews and/or testing.
  
• Assessing existing or new IT services (on premise or cloud) on technical vulnerabilities and weaknesses based on ASML process and tooling.
  
• Translating assessment results into an Information Security Specification (security plan for service).
  
• Communicating observations to the relevant stakeholders, advising on mitigation and following up on actions.
  
• Adding information to the different security registers from Business Impact assessments (BIA’s), IT Security Assessments (ITSA’s), penetration/security tests, vulnerability scans, exceptions and other sources.
  
• Adding information to security finding register, which contains all security assessment findings and risks that are reported within the TSCC, and is used to follow up on security assessment findings.
  
• Improving and maintaining an Application Security Register, manage and follow-up on actions and register application progress.
  
• Keeping track of follow-up actions and deliver management reporting.
  
• Representing, on occasion, the TSCC in IT projects and intake boards where required.
  
• Assessing IT security exception requests on validity and providing advice to the team lead application security and business stakeholder for acceptance or rejection including advice on additional security controls.
  
• Improving procedures to keep the security registers, application registers and assessment processes up to date.
  
• Creation and execution of roadmaps, standards, design patterns and frameworks, specifically on cryptography. Working together with different stakeholders within and outside of ASML e.g., external auditors and Core IT services.
  
• Creation of cryptography KPI’s, assuring right cryptography within ASML is being used.
  
• Advising on strategic future developments in cryptography.
  
• Updating and maintaining security baselines and standards.
  
• Assisting IT Security risk management.
  
• Training and coaching DevOps teams on security aspects, standards and security solutions in CI/CD.
  

Requirements

• Bachelor’s or Master’s degree in mathematics in combination with cybersecurity/information security (or equivalent experience).
  
• Valid industry certifications such as CISSP, CISM and/or CISA are a plus.
  
• CCSP or equivalent is a plus.
  

• Min 6+ years professional experience with a focus on IT applications / information security, risk and compliance.
  
• Strong mathematical/algorithmic understanding of symmetric and asymmetric cryptography, hash functions, digital signatures etc.
  
• Experience and good hands on knowledge of PKI and certificate management in complex large enterprise settings, including Business Analysis.
  
• Experience with tools/products (i.e. Docker) where cryptography is embedded is a plus.
  
• Experience in executing Threat and Vulnerability Analysis (TVA) or IT Security risk assessments on IT services and applications.
  
• Experience with a wide range of SAP applications is a plus (no authorization management).
  
• Experience with Cloud security and 3rd party management.
  
• Experience in collecting information through research and interviews.
  
• Good working knowledge of Office suite applications like Excel, SharePoint and Teams.
  
• Deep Knowledge of current security technologies and governance processes.
  
• IT audit experience is a plus.
  
• In-depth working knowledge of IT Risk / security frameworks and best practices, such as: NIST Cyber, security, framework, ISF Standard of Good Practice for Information Security, NIST SP 800 30 framework, ISO 27001/2 framework.
  
• Knowledge of the Scaled Agile Framework (SAFe) is a plus.
  

• Working at the cutting edge of tech, you’ll always have new challenges and new problems to solve – and working together is the only way to do that.
  
• You won’t work in a silo. Instead, you’ll be part of a creative, dynamic work environment where you’ll collaborate with supportive colleagues.
  
• There is always space for creative and unique points of view. You’ll have the flexibility and trust to choose how best to tackle tasks and solve problems.

• To thrive in this job, you’ll need the following skills:
  
• Able to operate independently/with minimal supervision, self-starter.
  
• Ability to interact with all levels including users, engineers, executives and senior managers.
  
• Analytical, precise, tenacious, autonomous.
  
• Knowledge of IT-security, Information Security and Architecture methodology.
  
• Ability to overcome organizational resistance.
  
• Excellent organizational skills and the ability to prioritize multiple tasks and assignments.
  
• Able to manage large amounts of new information quickly; grasp the deep technical characteristics of new environments; draft clear and concise visualizations of complex processes and environments, stand your ground in a flexible / changing environment.
  
• Enclose a personal motivation from the candidate for this position.
  

SOLLICITEER DIRECT!