Software security and quality expert

[afotakel]

http://www.epo.org/about-us/jobs/vacancies/other/INTEXT-5955.html

 

 

The European Patent Office is seeking a Software security and quality expert (administrator)

in DG 2 - IM, PD Service Creation, Dept. 2.8.3.8 Common Build Services

Place of employment: The Hague 

Job group 4
Grade G7 – G10

Deadline for applications: 29.3.2016

The mission of the Common Build Services department is to provide a framework to support and manage the standardised creation of new IM services and to ensure that services provided by external suppliers follow similar principles to maximise the efficiency of software delivery, allow full control by IM Service Operations of the applications in use, and ultimately guarantee the quality of software delivered to our internal and external users.
Main duties

The software security and quality expert will be responsible for:
Elaborating, in collaboration with other groups within the organisation (CIO Office, E&I, etc.), the IT security standards relevant to the area of reference in accordance with the EPO security policies
Maintaining coding guidelines for the software stacks used at the EPO
Creating guidelines and patterns to support the implementation of standards
Improving existing activities within the secure system development lifecycle, including templates relating to security requirements, security testing, threat modelling, automation of security and quality checks on the code produced within the EPO's continuous development environment, and third-party open-source compliance
Supporting projects in the definition and review of security requirements and the definition of security tests and acceptance criteria for their validation
Supporting critical projects in threat modelling analysis on the proposed solution architecture for both internal and external developments
Managing scope and co-ordinating corrective actions stemming from reports of third-party code reviews and penetration tests
Participating, when required, in the other activities of the Common Build Services team
Monitoring technology and forecasting potential technological developments
Candidate profile

The ideal candidate will have
very good knowledge of processes generally involved in the delivery and acceptance of new IT solutions, and proven experience in activities relating to security and quality
the ability to interact with several project teams comprising internal and external EPO staff in parallel and to provide guidance on the main duties requested and the IT security policies of IM/the EPO
the ability to work under pressure to strict deadlines and to prioritise effectively in line with the deliverables for the unit or project
the ability to understand, present and integrate new concepts, methodologies and external standards in the area of software security and quality at the EPO
the ability to work both independently and as a team player, and to supervise co-workers
strong analytical skills and the ability to present complex concepts in simple terms
a proactive approach to identifying own development needs and an ongoing commitment to learning and self-improvement
the ability to actively and consistently create a collaborative and constructive working relationship both inside and outside the department
a service-oriented attitude aimed at delivering a reliable, accurate and timely service
well-developed communication and influencing skills combining a high level of fluency, clarity, confidence, and the capacity to create a positive and credible image with the ability to gain buy-in using compelling, well-thought through arguments
Skills and qualifications
Knowledge of methodologies in the area of requirements, with particular emphasis on security requirements
Very good knowledge of SDLC and Secure SDLC methodologies
Very good knowledge of code reviews, penetration testing, threat modelling and security test methodologies
Thorough understanding of potential attack vectors such as OWASP Top 10, CWE/SANS Top 25 and countermeasures
Knowledge of mainstream tools for static and dynamic code analysis
Experience with validating software maintainability requirements
Knowledge of enterprise and security architecture frameworks such as TOGAF, SABSA
Profound knowledge of authentication and authorisation standards and industry best practices
Solid experience with infrastructure and application-level security (10+ years)
Relevant certifications or equivalent training in the area of software security (i.e. CSSLP, CISSP)
Knowledge of ArchiMate would be an advantage
Minimum qualifications

Diploma of completed studies at university level or - in exceptional cases - equivalent professional experience. Excellent knowledge of one official language and ability to understand the other two.

Citizenship of one of the member states of the European Patent Organisation.
Salary and benefits

The EPO offers competitive salaries, an excellent social package, and varied work in a modern international environment. The net (basic) monthly salary* for this vacancy ranges from EUR 5 223 to 7 396, depending on experience. In addition, depending on their personal circumstances, EPO staff may be entitled to relocation benefits and various allowances (e.g. household, dependant's, childcare, education, expatriation, installation, rent and language allowance).
Process and timeline

The successful candidate will be selected on the basis of qualifications, supplemented as appropriate by interviews, tests and/or a personality questionnaire.

It is intended to hold the interviews in calendar week 15 (2016) in The Hague.

Application until: 29.3.2016

Please apply by sending us your online application

Instructions for online job applications to the European Patent Office

How to get there: directions for the European Patent Office in The Hague.

* after deduction of EPO internal tax and before deduction of staff contributions to the social-security and pension schemes.