JOB DESCRIPTION
You want to join Excellium because…
You are curious, motivated, and passionate!
Integrated within dynamic and passionate teams, as our new Confirmed Application Security consultant, you will have the opportunity to fully invest yourself, innovate and create from the latest technologies. You will quickly find your place at Excellium. In order to understand our business, the challenges of our customers and to support them we regularly organize meetings, workshops and training. We will thus help you level up your skills and position you on stimulating projects adapted to your profile and enabling you to surpass yourself.
Your team as Confirmed Application Security Consultant:
Excellium is looking for a senior penetration tester to join the Intrusion and Application Security (IAS) Department based in Luxembourg. With more than 160 engagements performed in 2020 despite the pandemic, the IAS department is one of the largest offensive teams in Luxembourg. The department has two practices where consultants specialize in either Application Security or Intrusion activities.
Your mission as Confirmed Application Security Consultant:
As an Application Security (AppSec) consultant, you help clients identify vulnerabilities in different kinds of applications (web, API, mobile, desktop) as well as helping them in the following activities:
- Integration of the security in the software development life cycle
- Identification of tailored remediations for specific technology contexts
- Implementation of security tasks in CI/CD pipeline
- Training of developers in secure coding
- Study and presentation of new vulnerabilities to developers, etc.
At Excellium, we see AppSec as a combination of offensive and defensive approaches and mindsets. Indeed, our AppSec consultants are able to break into applications as well as add defensive measures to them. A strong personal investment is required to tackle both sides, but it is both fascinating and rewarding.
The “confirmed” seniority level means that you have proven consultancy experience, with the capacity to work both in a team and autonomously. You are already able to identify vulnerabilities in an application, provide suitable countermeasures, and provide effective code samples representing your remediation proposal.
PROFILE
A confirmed consultant is expected to demonstrate experience in three or more application security areas which are judged as essential:
As a Confirmed Application Security Consultant:
- Web, API, mobile (Android/iOS), desktop application penetration testing:
  - Not all are needed, but you must have experience in at least one of them.
- Software development:
  - You must know how software is created, from the design to the release phase, in collaborative projects.
  - You must know how to develop software in one major programming language (e.g. Python, Java, C++, .NET…).
- CI/CD pipeline:
  - You must be able to create or enhance a CI/CD pipeline in order to add security-related tasks.
- Coding / Scripting:
  - You must be able to create Proof of Concepts as well as code samples in order to:
    - Prove the vulnerability that you found.
    - Help development teams to remediate an identified vulnerability.
    - Create custom tools or enhance existing ones in case of need.
- Create and give training:
  - You must be able to create a complete training about an AppSec topic as well as enhance existing training.
  - You must be able to deliver a training to various audiences composed of technical and non-technical people.
Additional skills:
In addition, the candidate is expected to have:
- Excellent spoken and written communication skills, as explaining a vulnerability is just as important as finding it! Languages: English (Mandatory) and French (Preferred).
- Ability to work both autonomously and with peers.
If you are a big enthusiast of IT security, curious and on the lookout for the latest news, security holes and technological advances, then apply!
The Excellium mindset:
At Excellium, the human aspect is at least as important as the CV and the certifications. We deeply appreciate seeing who you are through your spare-time projects, for example contributions to open source projects/initiatives, participation in security events (as a speaker or attendee), etc.
Therefore, feel free to contact us even if you feel that you “do not check all the boxes” listed in this Confirmed Application Security Consultant offer; you have nothing to lose. Whatever the result of our meeting, we will have a techy exchange. Moreover, it is not because you may not join us today that you will not join us later. 🙂
Why contact us?
- You are looking for a techy company and team mindset.
- You have a real passion for IT security.
- You want to help make software more secure.
- You want to exchange with people having the same passion as you.
- You want to work in a company where “strong technical expertise” is recognized and rewarded as a real evolution path across your career (not everyone wants to be a manager or fits this role).
You will be our favorite candidate if (and only if):
- You are a humble and positive person.
- You are a Team Player (#XlmFamily).
- You love to share your knowledge or ideas with others.
- You maintain good relationships with development teams.
- You do your job seriously, taking business consequences into consideration.
- You are willing to do more than “pwn”.
OFFER DETAILS
Contract: Full time
Location: 5 rue Goell L-5326 Contern, Luxembourg
“Your personal data will be kept for a period not exceeding 3 months. If you agree, your personal data will be kept for up to 12 months for potential future job offers.”
WHO ARE WE?
Joining Excellium Services is about having the possibility to fully invest yourself, innovate and create from the latest technologies.
Our team is dynamic with accessible managing partners and involved cyber soldiers.
It is about joining a family with more than 100 direct & passionate employees.
Last but not least! This is also about having the chance to level up your skills in:
- Cybersecurity
- Hybrid Cloud
- Managed Security Services
- Network Security
- Application Security
We will help you develop your knowledge. Do not wait any further.