< Back to Jobs

Application Security Analyst

Company: APPROACH CYBER

Publishing date: February 27th, 2024

Expiring date: March 22nd, 2024

About the company

APPROACH is a pure-play cyber security and privacy service provider.

We believe that everyone deserves digital peace-of-mind. This is our vision, our aspiration for a society where each and every one is reassured, where there is confidence and security in the digital world. Therefore, our role is to bring cyber serenity to society..

Job description

Who we are looking for


As an Application Security Analyst, you will integrate our Secure Software Development practice. 
Together with our 20 experts, we develop, maintain, support and host Specialized Software. Our expertise is two-fold: 

  • Proposing our expertise to clients’ development teams in securing their Software Development Life Cycle (SSDLC or Secured-SDLC).

  • Developing highly secured softwares (Security by design) based on customer’s requirments (e.g. itsme – authentication app) ;

In this frame, we are recruiting an Application Security Analyst who will play a key role in our application security services growth over the next few years.

 

Your role


As an Application Security Analyst your role is to carry out security assessments on applications used by our customers. 
Based on the results of the assessment, you will propose security recommendations. These are short-, medium- and long-term solutions that will serve as the basis for building an application security roadmap for the company.


Depending on your qualifications, you may be required to implement these recommendations in terms of processes, tools and developer trainings (security champions, awareness).
Your main contacts at the customer will be the CISOs and their security teams.

 

Your tasks will consist of:

  • Assess an existing SDLC (i.e., SAMM Assessment but we stay open to other methodologies we’ll define together),

  • Give guidance on establishing a secure software development lifecycle (Secure-SDLC / DevSecOps),

  • Help development teams to integrate application security best practices (e.g. OWASP ASVS), and security tooling/processes in their development pipeline (SAST, DAST, SCA, CVE follow-up, ...),

  • Give training and coaching sessions to new security champions at client. 

  • Participate in presales meetings around application security.

The role will evolve to include the following tasks and responsibilities in the short term, depending on your experience and evolution pace.

You will then bring your energy on Solution Owner responsibilities like: 

  1. Mentorship and support: Providing guidance and mentorship to team members, especially those in junior positions, will be crucial. Your support will help them navigate complex missions, leading their professional growth and ensuring successful project outcomes.

  2. Technology watch: You will follow new tools, technical evolutions and industry trends, and share your knowledge with the team. This proactive approach will ensure that our offerings remain cutting-edge, relevant, and aligned with our clients’ ever-evolving needs.

  3. Relationships strengthening with our trusted business partners/suppliers: You will be our key representative in application security associations, or during application security events/conferences/meetings.

  4. Asset creation: Developing new assets and methodologies to complement and enhance our solutions will be part of your responsibility. These assets and methodologies will not only increase the efficiency of our solutions but also support and empower your colleagues in delivering high-quality results.

 

Your profile

 

  • You hold a Bachelor or Master degree.

  • You work for minimum 2 years in applying security to development: 

    • You have an experience in analyzing SDLC environments in terms of security (OWASP SAMM assessment type, Threat modeling, …) 

    • You have already worked with/implemented some of the following tools: Sonarqube, CheckMarx, Fortify, webinspect, ZAP, Dependency-Check, Snyk, Veracode, jfrog Xray, Azure devops, Gitlab, ...

  • You are analytical minded.

  • You have a natural team spirit, together with project management and presentation skills.

  • You have good working knowledge of both written and spoken English, and French or Dutch.

Considered as a plus:

  • Hands on experience in development (Java and/or C#)

  • Kubernetes and containers (Docker)

  • REST APIs

  • Experience with security principles and intrusion tools

    Interested?

    Don’t wait and send us your application to jobs@approach-cyber.com. Join us in our commitment to deliver cyber serenity and cont

Location

Switzerland

Working arrangement

Flexible working hours

Seniority level

Mid-career

Company size

Medium-sized business

Language/s required

Dutch, English, French

Job type

Contract

Tags

Software engineer, Data security, Computer network security, Cybersecurity education

Mentorship

Trainings