StepStone - Engineer Information Security
With over 24,9 million visits and more than 290.000 job listings each month,
we operate some of the most powerful online job portals in the European market.
And because we move fast and support innovation, we're always looking for new talent to reinforce our team.
Want to help change the world of recruitment today? At StepStone we take great strides forward to stay the leading online recruitment marketplace. The answer lies in a combination of two important factors: market-leading products and truly exceptional, driven and highly talented people. Do you want to be part of a company you can be proud of and help it grow? Then keep reading!
Where you will work
The Engineer Information Security is responsible for providing operational leadership and support for the global security infrastructure within the StepStone Group (+ 3000 employees, + 3000 servers). As part of the Security Team, you will work closely with different IT teams to implement and support security infrastructure across the group.
You will be part of a team of 3 Engineers in Information Security, who will report, together with 4 DevOps Engineers, to the Security & Operations Manager. The team consists of many different nationalities so the working language is English.
Your key Responsibilities
- You will perform high and low level application security testing:
- You will run automated scanners, using advanced attack and assessment methodologies, as well as review source code to thoroughly evaluate the security of target applications.
- You will meet with application owners prior to assessment, correlating resulting data for delivery, and validating vulnerability mitigation.
- You will enhance IT security and controls in response to increased internal and external Web applications as well as legal and regulatory requirements.
- You will work on team projects throughout the year to help push the progress of the Global IT Security initiatives. Some example projects are: Firewall Hardware refresh, Intrusion Prevention System initiative, EndPoint Security initiative, Security Information and Event Management.
- You will participate in training and research to ensure that technical skill set stays current with modern practices and methodologies. This includes conferences and online training as well as knowledge transfer to the team via internal training, documentation and process development and maintenance.
Your essential Duties & Responsibilities
- Create and maintain application test vulnerability and risk assessment database.
- Develop and maintain an IT security application testing strategy, policies and standards, and architecture.
- Coordinate application tests remotely and onsite to help ensure audit, regulatory and policy satisfaction.
- Provide support within the Global IT Security team on all application testing matters.
- Fine-tune the WAF to mitigate findings from pentests.
- Bachelor's degree in ICT, or equivalent by experience
- Experience with implementation of network security systems such as intrusion detection, cryptography, Firewalls, SIEM, WAF.
- Extensive knowledge of distributed data networking technologies and systems
- Thorough knowledge of internetworking, including TCP/IP, IPsec, Routers, IP internetwork configuration and design
- Substantial knowledge of information security practices and technology
- 3-5 years of experience in Application testing and code evaluation.
- Fluent in English, both oral and in writing
- Valid residency and work permit in Europe