For an end client, we are looking for an IT Security Auditor
The consultancy services are needed on a temporary basis mainly for assessing the effectiveness of a number of application level controls. The scope of this RfO covers all independent security assessments which need to be conducted across many projects and work packages included in client’s Work Plan (more than 30). A secondary objective is to identify potential security vulnerabilities pertaining to infrastructure level services that may have been unidentified so far. The security assessment should include the following:
Penetration Testing (i.e. vulnerability verification)
It should be noted that client’s request does not entail a detailed risk analysis nor, specifically, consulting advice on how to address identified security or control deficiencies from a risk management perspective, but is focused on technical security and vulnerability assessment.
Tasks to be performed
The consultants will perform specific security assessments-related tasks which need to be conducted across many projects (around 30 projects). The tasks/services to be provided will mainly include the following activities (non-exhaustive list):
Reviewing and performing web application security vulnerability assessments, including application platforms and middleware components that influence the security posture of the web applications,
Performing infrastructure level security vulnerability assessments,
Writing and maintaining security test scripts for manual and automated testing,
Defining recommendations on how to resolve identified security test defects,
Providing documented report(s) on the assessment findings and proposing technical remediation actions and recommendations.
At least 7 years of professional experience in web application-level security penetration testing, and participation in a minimum of 10 projects (for specific areas indicated below) covering at
experience in using vulnerability assessment tools both commercial as well as open source
experience in performing validations of identified vulnerabilities by manual inspections to remove false positives
experience in application level penetration testing
Working knowledge of English
Knowledge of the Open Web Application Security Project (OWASP) Application Security Verification Standard and emerging application security best practices
Knowledge of recognized security assessment methodologies, such as the Open Source Security Testing Methodology and the OWASP Testing Guide
Knowledge of planning and organisation skills
Possession of a recognised information security certification will be considered as an asset during the evaluation but is not mandatory:
o Technical vulnerability tester: CEH, OSCP or relevant equivalent certification.
Desirable: Knowledge of EU security standards and regulations