Cyber Security Architect

А global digital transformation company with a team of more than 4,900 global players in 26 countries – in Europe, America and Asia, working together to put organizations at the forefront of innovation by bringing together talent, knowledge and technology.

Our approach is based on conscious technology, through which we create positive environments and meaningful opportunities, always in our own way, making the complex simple.

VASS BeNeLux is currently seeking a Cyber Security Specialist to work for a project within the European Commission.

The role:

• Security Architecture and Risk Assessment: Define and supervise the development of comprehensive security architectures, ensuring alignment with Zero Trust principles and conducting regular risk assessments to identify and mitigate potential vulnerabilities.
• Policy Development and Enforcement: Develop, implement, and enforce security policies and procedures that comply with industry standards and regulatory requirements, including GDPR and eIDAS.
• Network and Application Security Oversight: Supervise the implementation of network security measures such as firewalls, intrusion detection/prevention systems (IDS/IPS), and virtual private networks (VPNs). Oversee application security initiatives, ensuring adherence to OWASP guidelines and secure software development lifecycle (SDLC) practices.
• Identity and Access Management (IAM): Coordinate the implementation of IAM solutions, including role-based access control (RBAC) and attribute-based access control (ABAC), to ensure secure and compliant access to systems and data.
• Compliance and Audit Management: Ensure adherence to security compliance frameworks such as ISO 27001 and NIST, and manage audits to verify compliance with data protection regulations like GDPR.
• Incident Response and Forensics: Develop and oversee incident response plans, conduct forensic investigations in the event of security breaches, and implement corrective actions to prevent future incidents.
• Secure DevOps (DevSecOps) Implementation: Promote and supervise the integration of security practices into the DevOps pipeline, ensuring that security is embedded throughout the development and deployment processes.
• Cryptography Management: Oversee the implementation of cryptographic protocols, including TLS, AES, RSA, and hashing algorithms, to protect data integrity and confidentiality.
• Cloud Security Governance: Define strategies for securing cloud environments (AWS, Azure, GCP), ensuring that security controls are effectively implemented and managed.
• Penetration Testing and Vulnerability Assessment: Supervise regular penetration testing and vulnerability assessments to identify and remediate security weaknesses.
• Data Loss Prevention (DLP): Implement and manage DLP strategies to prevent unauthorized access, use, or transmission of sensitive data.

And you?

• Proficiency in designing security architectures and conducting risk assessments to identify and mitigate potential threats.
• Deep understanding of Zero Trust principles and their application in modern security frameworks.
• Expertise in implementing network security measures and ensuring application security throughout the software development lifecycle (SDLC).
• Experience with identity and access management (IAM) solutions, including role-based access control (RBAC) and attribute-based access control (ABAC) for secure user management.
• Familiarity with security compliance frameworks such as ISO 27001, NIST, GDPR, and eIDAS, along with experience managing compliance audits.
• Ability to develop and manage incident response plans and conduct forensic investigations following security incidents.
• Knowledge of integrating security practices into DevOps pipelines to ensure secure development and deployment processes.
• Understanding of cryptographic protocols and their application in securing data.
• Experience securing cloud environments and implementing cloud security best practices.
• Proficiency in conducting penetration tests and vulnerability assessments to identify and address security weaknesses.
• Knowledge of data loss prevention (DLP) strategies and tools to protect sensitive data.
• Experience with threat modeling methodologies such as MITRE ATT&CK and STRIDE to identify and mitigate security threats.
• Understanding of security considerations specific to artificial intelligence and machine learning applications.
• Awareness of emerging trends in quantum-resistant cryptography and their implications for data security.
• Familiarity with regulatory frameworks such as the Digital Operational Resilience Act (DORA) and the Network and Information Security Directive 2 (NIS2).
• Knowledge of privacy-enhancing technologies such as homomorphic encryption and differential privacy.
• Experience with threat intelligence gathering and security operations center (SOC) processes to monitor and respond to security threats.
• Understanding of secure multi-party computation (SMPC) techniques and their application in secure data processing.

Specific Expertise:

• A minimum of 5-7 years of experience in security related architecture roles, with a focus on cloud based environments and high-security requirements.
• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Cloud Security Professional (CCSP) are highly desirable.
• Demonstrated experience in managing highly security demanding projects that require high agility, innovation, and adaptability to change.

If you want to join a dynamic company where technological challenges will be found in your day to day we are waiting for you in the great VASS team.

And we encourage you to be the best version of yourself: Transformative, Creative, Honest, Vibrant!

At VASS we take action every day to achieve a favourable environment that facilitates and promotes equal opportunities, non-discrimination, diversity and inclusion of all people. We select our talent based on business needs, skills and merits. 🌟