IT Application Security assessor (+/- 3 months)

Location: Eindhoven
Start date: 20/04/2020
End date: 17/07/2020
Hours: 40

Introduction

As a Specialist in Application Security you are part of the IT Application Security team and work
together with about 18 of your colleagues in IT security. You will be responsible for conducting detailed
security assessments, mainly on new and existing applications and IT services within ASML, assisting and
advising projects on security-related questions, and helping drive the security improvements for ASML. You
will be interacting with stakeholders on different levels in IT, but also within ASML sectors.

Job Mission

SAP technology plays a key role in the security assessments. Experience with the security of a wide
range of SAP applications is a must in this role.
• The security finding register contains all TVA findings and risks that are reported within IT
Security, and is used to follow up on actions and register progress.
• Assessing existing or new IT services (on premise or cloud) for technical vulnerabilities and
weaknesses based on ASML process and tooling;
• Assessing systems to be implemented or actual implementations based on assessments of high
and low level designs, interviews and/or testing;
• Advise on security improvements and additional controls;
• Translating assessment results into an Information Security Specification (Security plan for
service);
• Communicate observations to the relevant stakeholders, advise on mitigation and follow up on
actions

Job Description

As an application security specialist you will be responsible for:
• Improving and maintaining an Application Security Register, managing and following up on security
assessment findings;
• Keep track of follow-up actions and deliver management reporting;
• Perform project intake assessments in cooperation with the Project Security officer;
• Represent, on occasion, IT security in IT project and intake boards where required;
• Assess IT security exception requests on validity and provide advice to the team lead application
security and business stakeholder for acceptance or rejection including advice on additional
security controls;
• Assessing applications and systems to be implemented or actual implementations based on
assessments of high and low level designs, interviews and/or testing;
• Translating assessment results into an Information Security Specification (Security plan for
service);
• Communicate observations to the relevant stakeholders, advise on mitigation and follow up on
actions;
• Performing detailed security assessments on applications and IT services;
• Adding information to the different Security registers from Business impact assessments (BIAs),
IT Security Assessments (ITSAs), penetration/security tests, vulnerability scans, exceptions and
other sources;
• Report on progress and deliver management reports;
• Improve procedures to keep the security registers, application registers and assessment
processes up to date;
• Advise on security improvements and additional controls;
• Assess IT security exception requests;
• Update and maintain security baselines and standards;
• Assist IT Security risk management

Education

• Academic qualifications are an advantage, but not a substitute for professional experience;
• Valid industry certifications such as the Certified Information Systems Security Professional
(CISSP/CISM/CISA) are a plus;
• CCSP or equivalent is a plus
• Security/Technical/IT/informatics background bachelor’s degree (or equivalent experience)
• Deep knowledge of current security technologies and governance processes
• IT audit experience is a plus
• In-depth working knowledge of IT Risk / security frameworks and best practices, e.g.:
  • NIST Cyber Security Framework
  • ISF Standard of Good Practice for Information Security
  • NIST SP 800-30 framework
  • ISO 27001/2 framework
• Knowledge of security in Agile is a plus

Experience

• Min 6+ years professional experience with a focus on IT applications / information security, risk
and compliance;
• Experience in executing Threat and Vulnerability analysis (TVA) or IT Security risk assessments
on IT services and applications;
• Experience with a wide range of SAP applications is a plus (no authorization management);
• Experience with Cloud security and 3rd party management;
• Experience in collecting information through research and interviews;
• Excellent English communication and presentation skills. Command of the Dutch language is a
plus;
• Good working knowledge of Office suite applications like Excel and SharePoint;
• Excellent verbal and written communication skills;
• Highly-motivated, with a strong work ethic and able to work effectively under minimal supervision

Personal skills

• Able to operate independently, self-starter
• Ability to interact with all levels including users, engineers, executives and senior managers
• Deep technical knowledge of IT-security and Information Security and Architecture methodology.
• Ability to overcome organizational resistance
• Excellent organizational skills and the ability to prioritize multiple tasks, projects and assignments
• Analytical, precise, tenacious, autonomous
• Able to digest large amounts of new information quickly, and derive key security requirements
• Able to grasp the deep technical characteristics of new environments quickly
• Able to draft clear and concise visualizations of complex environments
• Able to fairly represent conflicting stakeholder needs to enable informed decision-making
• Able to stand your ground in a flexible / changing environment
• Able to work with rapidly changing demands

20/03/2020