IT Security Auditor

Posted on
2 to 6 months
On site
Den Haag




Dear freelancer,

For an end client, we are looking for an IT Security Auditor.

The consultancy services are needed on a temporary basis, mainly for assessing the effectiveness of a number of application level controls. The scope of this RfO covers all independent security assessments which need to be conducted across many projects and work packages included in client’s Work Plan (more than 30). A secondary objective is to identify potential security vulnerabilities pertaining to infrastructure level services that may have gone unidentified so far. The security assessment should include the following:

  • Vulnerability assessment

  • Penetration Testing (i.e. vulnerability verification)

It should be noted that client’s request does not entail a detailed risk analysis nor, specifically, consulting advice on how to address identified security or control deficiencies from a risk management perspective, but is focused on technical security and vulnerability assessment.

Tasks to be performed
The consultants will perform specific security assessment-related tasks which need to be conducted across many projects (around 30 projects). The tasks/services to be provided will mainly include the following activities (non-exhaustive list):

  • Reviewing and performing web application security vulnerability assessments, including application platforms and middleware components that influence the security posture of the web applications,

  • Performing infrastructure level security vulnerability assessments,

  • Writing and maintaining security test scripts for manual and automated testing,

  • Defining recommendations on how to resolve identified security test defects,

  • Providing documented report(s) on the assessment findings and proposing technical remediation actions and recommendations.



  • At least 7 years' professional experience in web application-level security penetration testing, having participated in a minimum of 10 projects (for specific areas indicated below) covering at least all the following areas, tools and techniques:

  • experience in using vulnerability assessment tools, both commercial and open source

  • experience in performing validations of identified vulnerabilities by manual inspections to remove false positives

  • experience in application level penetration testing

  • experience in application level penetration testing

  • Working knowledge of English

  • Knowledge of the Open Web Application Security Project (OWASP) Application Security Verification Standard and emerging application security best practices

  • Knowledge of recognized security assessment methodologies, such as the Open Source Security Testing Methodology and the OWASP Testing Guide

  • Knowledge of planning and organisation skills

  • Possession of a recognised information security certification will be considered as an asset during the evaluation but is not mandatory:

      • Technical vulnerability tester: CEH, OSCP or relevant equivalent certification.

Desirable: Knowledge of EU security standards and regulations
