Application Security Analyst

Job Description
Division: CISO
The role requires a self-motivated analyst conversant and experienced with the use of static code testing for application risk assessment. Static Application Security Testing is performed as part of the overall application testing process. The individual is required to be experienced in security of applications and how they need to be protected. The individual is also required to be experienced with static test tools in order to assess application security. Euroclear currently uses HCL Appscan to test source code so experience with this toolset would be an advantage. Coordination will be required with application owners for testing and assessment of findings.

The Main Responsibilities

• Develop and scan applications based upon a variety of different languages (.NET, java, C, …)
• Assess application results for false and true positives
• Produce reports of findings, remediation options and risk analysis.
• Present & discuss the results to all relevant collaborators (technical and non-technical)
• Advise (senior) collaborators, such as project leads, developers, and analysts on how to remediate and prevent any detected issues
• Review test results from different sources and perceive threads and issues with applications
• Drive or support application security efficiencies in cost, delivery and reporting
• Innovate through automation of testing and improving pipeline delivery

In this role you will come in contact with all types of applications written in a variety of languages and from different technologies including Mainframe applications, web applications and middleware. The candidate will be familiar with some of these situations but be able to quickly assess, understand and test the application. Not only is technical knowledge of application security needed but the ability to converse and convince the developers of the issues and support mitigation.

At times, the candidate will be required to take on other related technical tasks to improve scanning efficiency including automating tasks, pipeline reviews and other related improvements

Technical Skills

• Experience of using SAST and DAST tools required.
• Coding skills to support automation is an advantage.
• Sound security design principles, based on confidentiality, integrity and availability requirements and other ISO27002 security principles are an asset;
• Good understanding of Application security including OWASP TOP 10, and willingness to learn with regard to a broad range of attacks (SQLi, XSS, Overflows, DLL-Hijacking,...)
• Basic understanding of network principles and protocols
• Basic understanding of Unix and Windows Operating Systems and security practices
• Working with a variety of automated test tools and ability to drive improvements across all areas.

Soft Skills

• Be an ethical teammate who communicates in an open, supportive and constructive way with their customers and peers, both verbally and in writing. You will take ownership and ensure that interpersonal quality standards are met.
• Be a very good communicator in English, both verbal and written, and able to discuss and defend the security interests with individuals and groups of senior business people as well as deep technical IT authorities.
• Be able to work independently, responsibly and expertly with highly confidential information.

About Us
Why join us
Embark on your new adventure at Euroclear, and work at the heart of the global capital markets. We connect over 2,000 financial institutions across the globe. As an open and resilient infrastructure, we contribute to the stability of the financial markets. We help clients cut through complexity, lower costs, and mitigate risks of financial transactions. At Euroclear, we have the clear ambition to use our key role to facilitate and accelerate a sustainable global financial system.

What We Offer

• Work closely with inspiring, supportive and engaged colleagues from more than 80 different countries.
• Practice your talents in a highly professional international environment.
• Join a learning and development environment with an emphasis on knowledge sharing and training.
• Competitive salary and comprehensive benefits.

New ways of working
Find your own optimal balance within our hybrid working model, where you can connect at the office and also benefit from remote working.

Great Place to Work for All
We are committed to creating an inclusive culture that celebrates diversity and strives to be a Great Place to Work for All. All qualified applicants will be considered for employment, regardless of any aspect that makes them unique (including race, religion, national origin, gender, sexual orientation, age, marital status, pregnancy, disability, ...). If you need any specific accommodation due to disability or any other reason, you can let the recruiter know during your application process.

About The Team
As a global critical financial infrastructure, the protection of Euroclear information and assets is fundamental to the companys' business. Security is at the core of our services, firmly embedded in the management systems and processes of the company. You will be joining our Chief Information Security Office (CISO) in charge of putting in place the required controls to adequately and effectively protect our information assets.