Application Security Expert


In Belgium, BRCK Match is the market leader in non-life insurance. We have more than ⚠,⚠ passionate employees who aim to transform from payer to partner for ⚠ million customers. Our people are our greatest asset. That's why a pleasant and modern working atmosphere is important to us. Together we hope to promote a culture of diversity and inclusion where ideas are valued and respected. In every step we take, we keep our values in mind: Customer Focus, Integrity, Courage and BRCK Match.

Mission:

  • As a member of the BRCK Match Security Office Sector Information Security Team, led by the BRCK Match, your responsibility is to promote and ensure that BRCK Match applications and platforms are adequately protected.
  • You will work primarily with security colleagues (some of whom have application security as a primary role), security and solutions architects, IT product teams, and business teams.

Key Responsibilities:

  • Security Oversight:
    • Work with IT product and architecture teams to ensure platforms/applications (including lifecycle) adhere to security best practices, including but not limited to:
      • Performing technical design reviews of applications and platforms.
      • Oversee source code reviews (static and dynamic/penetration testing), including corrective actions.
      • Assess the security maturity of the software development life cycle (SDLC) within your organization.
      • Monitor cloud security posture (Azure/AWS).
      • Ensure, among other things, compliance with best security practices and BRCK Match security instructions.
      • Support the third-party security team to ensure that third-party solutions comply with BRCK Match/BRCK Match security requirements.
      • Provide security when needed through a risk-based approach.
      • Monitor network and encryption controls to protect applications.
      • Develop/maintain an overview of application/platform security and associated key risk indicators.
      • Track vulnerabilities and remediation plans.
      • Engage and assist Security Office departments, business units, and their respective IT teams in obtaining a current overview of application security vulnerabilities/risks and potential future courses of action, including clear management-level presentations.
  • Governance:
    • Actively participate in the annual definition, coordination and implementation of the BRCK Match application security roadmap through a risk- and compliance-based approach.
    • Understand, translate (if necessary) or ensure implementation and follow-up of BRCK Match security requirements to protect the BRCK Match application environment.
    • Participate in security onboarding (new projects, etc.) to ensure BRCK Match security requirements are defined, followed and implemented.
    • Responsible for monitoring, measuring and driving systematic improvements in the maturity and effectiveness of BRCK Match application security processes and ISO ⚠K controls.
  • Awareness:
    • Promote security culture and define/participate in training for BRCK Match IT departments (e.g. Engineering, Operations) on security procedures and security risks.
    • Develop security policies for technologies such as .NET, Java, Python, Angular, etc.
  • Inventory:
    • Actively participate in the coordination of application, cloud and security inventories.

IMPORTANT:

  • Execution of activities such as penetration testing, secure coding, etc. will be done by colleagues.
  • Identity and access management is outside the scope of responsibility.
  • BRCK Match relies heavily on security solutions and processes defined at group level across all BRCK Match divisions.

Profile: Education/Experience/Knowledge

  • You have a bachelor's or master's degree in Computer Science/Information Systems/Information Security or other related field.
  • You have at least ⚠ years of relevant application development experience and extensive experience with vulnerability scanning tools (such as Checkmarx, AppScan, Fortify, SonarQube, etc.).
  • Strong understanding and experience with the Secure Software Development Life Cycle (SDLC).
  • Experience with various development languages/frameworks (.NET, Java, Python, Angular, etc.).
  • Understand DevOps culture and principles.
  • Hands-on experience reviewing infrastructure as code for cloud environments (AWS CloudFormation, Azure Resource Manager, Docker containers) preferred. Familiarity with industry best practices such as OWASP, SANS, and ISO⚠K preferred.
  • Strong knowledge and experience in PowerBI dashboard development preferred.

Soft Skills

  • A strong team player who can also work autonomously.
  • Problem solving skills and excellent analytical skills.
  • Excellent communication skills with IT/technical teams and management.
  • You can communicate fluently in English (written and spoken).
  • Knowledge of French and/or Flemish is a plus.


 


From 15 May 2024 to 14 July 2024

Informatics
21 EUR
Brussels
Belgium

 
