Cryptography & Security Specialist
Job Description
- Giving advice on which cryptographic tools/products to use and how to embed these in the environment.
- Giving advice on which form of encryption best fits the environment, taking into account different factors, i.e., the classification of the data.
- Keeping your knowledge up-to-date, especially in the cryptographic domain.
- Setting up and monitoring governance and (co-)setting up processes and monitoring of these processes.
- Performing project intake assessments in cooperation with the Project Security Officer.
- Assessing applications and systems to be implemented or actual implementations based on assessments of high- and low-level designs, interviews and/or testing.
- Assessing existing or new IT services (on premise or cloud) on technical vulnerabilities and weaknesses based on ASML process and tooling.
- Translating assessment results into an Information Security Specification (security plan for service).
- Communicating observations to the relevant stakeholders, advising on mitigation and following up on actions.
- Adding information to the different security registers from Business Impact Assessments (BIAs), IT Security Assessments (ITSAs), penetration/security tests, vulnerability scans, exceptions and other sources.
- Adding information to the security finding register, which contains all security assessment findings and risks that are reported within the TSCC, and is used to follow up on security assessment findings.
- Improving and maintaining an Application Security Register, managing and following up on actions and registering application progress.
- Keeping track of follow-up actions and delivering management reporting.
- Representing, on occasion, the TSCC in IT projects and intake boards where required.
- Assessing IT security exception requests on validity and providing advice to the team lead application security and business stakeholder for acceptance or rejection including advice on additional security controls.
- Improving procedures to keep the security registers, application registers and assessment processes up to date.
- Creation and execution of roadmaps, standards, design patterns and frameworks, specifically on cryptography. Working together with different stakeholders within and outside of ASML e.g., external auditors and Core IT services.
- Creation of cryptography KPIs, assuring that the right cryptography is being used within ASML.
- Advising on strategic future developments in cryptography.
- Updating and maintaining security baselines and standards.
- Assisting IT Security risk management.
- Training and coaching DevOps teams on security aspects, standards and security solutions in CI/CD.
Requirements
- Bachelor’s or Master’s degree in mathematics in combination with cybersecurity/information security (or equivalent experience).
- Valid industry certifications such as CISSP, CISM and/or CISA are a plus.
- CCSP or equivalent is a plus.
- Minimum of 6+ years of professional experience with a focus on IT applications / information security, risk and compliance.
- Strong mathematical/algorithmic understanding of symmetric and asymmetric cryptography, hash functions, digital signatures etc.
- Experience and good hands-on knowledge of PKI and certificate management in complex large enterprise settings, including Business Analysis.
- Experience with tools/products (i.e. Docker) where cryptography is embedded is a plus.
- Experience in executing Threat and Vulnerability Analysis (TVA) or IT Security risk assessments on IT services and applications.
- Experience with a wide range of SAP applications is a plus (no authorization management).
- Experience with Cloud security and 3rd party management.
- Experience in collecting information through research and interviews.
- Good working knowledge of Office suite applications like Excel, SharePoint and Teams.
- Deep knowledge of current security technologies and governance processes.
- IT audit experience is a plus.
- In-depth working knowledge of IT risk / security frameworks and best practices, such as: NIST Cybersecurity Framework, ISF Standard of Good Practice for Information Security, NIST SP 800-30 framework, ISO 27001/2 framework.
- Knowledge of the Scaled Agile Framework (SAFe) is a plus.
- Working at the cutting edge of tech, you’ll always have new challenges and new problems to solve – and working together is the only way to do that.
- You won’t work in a silo. Instead, you’ll be part of a creative, dynamic work environment where you’ll collaborate with supportive colleagues.
- There is always space for creative and unique points of view. You’ll have the flexibility and trust to choose how best to tackle tasks and solve problems.
- To thrive in this job, you’ll need the following skills:
- Able to operate independently/with minimal supervision, self-starter.
- Ability to interact with all levels including users, engineers, executives and senior managers.
- Analytical, precise, tenacious, autonomous.
- Knowledge of IT-security, Information Security and Architecture methodology.
- Ability to overcome organizational resistance.
- Excellent organizational skills and the ability to prioritize multiple tasks and assignments.
- Able to manage large amounts of new information quickly; grasp the deep technical characteristics of new environments; draft clear and concise visualizations of complex processes and environments, stand your ground in a flexible / changing environment.
- Enclose a personal motivation from the candidate for this position.
Requirements
- A Bachelor’s or Master’s degree.
- Minimum of 5 years of experience in full-stack Java software engineering, including Java 11 and Spring.
- Experience with distributed software architectures and cloud-based hosting (preferably Azure).
- Back-end development proficiency with some front-end (web) development exposure.
- Knowledge of Continuous Integration, Build, and Deployment practices, tools, and trends.
- Comprehensive understanding of Java development methods, IT architectures, and common development tools.
- Skill in writing SQL database queries.
- Experience in the financial sector is preferable.
- Familiarity with tools like Azure DevOps and Splunk monitoring.
- A flexible, proactive approach with a strong analytical mindset and result orientation.
- Excellent oral and written communication skills in English.
- Salary Vrij P.M
- Country nl
- City Eindhoven