Let's work together!
Over de functie
As Specialist in Application Security you are part of the IT Application Security team in and work together with about 18 of your colleagues in IT security and will responsible for conducting detailed Security assessments mainly on new and existing Applications and IT services within ASML, assist and advice projects on security related questions and help drive the security improvements for ASML. You will be interacting with stakeholders on different levels in in IT, but also within ASML sectors.
SAP technology plays a key role in the security assessments. Experience with a security of a wide range of SAP applications is a must in this role.
• The security finding register contains all TVA findings and risks that are reported within IT Security, and is used to follow up on actions and register progress. Assessing existing or new IT services ( on premise or cloud) on technical vulnerabilities and weaknesses based on ASML
process and tooling;
• Assessing systems to be implemented or actual implementations based on assessments of high and low level designs, interviews and/or testing;
• Advise on security improvements and additional controls;
• Translating assessment results into an Information Security Specification (Security plan for service) Communicate observations to the relevant stakeholders, advise on mitigation and follow up on actions.
As an application security specialist you will be responsible for:
• Improving and maintaining an Application Security Register, Manage and follow-up on security assessment findings;
• Keep track of follow up actions and deliver management reporting;
• Perform project intake assessments in cooperation with the Project Security officer;
• Represent, on occasion, IT security in IT project and intake boards where required;
• Assess IT security exception requests on validity and provide advice to the team lead application security and business stakeholder for acceptance or rejection including advice on additional security controls;
• Assessing applications and systems to be implemented or actual implementations based on assessments of high and low level designs, interviews and/or testing;
• Translating assessment results into an Information Security Specification (Security plan for service);
• Communicate observations to the relevant stakeholders, advise on mitigation and follow up on actions;
• Performing detailed security assessments on applications and IT services;
• Adding information to the different Security registers from Business impact assessments (BIA’s),
IT Security Assessments (ITSA’s), penetration/security tests, vulnerability scans, exceptions and other sources;
• Report on progress and deliver management reports;
• Improve procedures to keep the security registers, application registers and assessment processes up to date;
• Advise on security improvements and additional controls;
• Assess IT security exception requests;
• Update and maintain security baselines and standards;
• Assist IT Security risk management
• Academic qualifications are an advantage, but not a substitute for professional experience;
• Valid industry certifications such as the Certified Information Systems Security Professional
(CISSP/CISM/CISA) are a plus;
• CCSP or equivalent is a plus
• Security/Technical/IT/informatics background bachelor’s degree (or equivalent experience)
• Deep Knowledge of current security technologies and governance processes
• IT audit experience is a plus
• In-depth working knowledge of IT Risk / security frameworks and best practices, e.g.:
• NIST Cyber Security Framework
• ISF Standard of Good Practice for Information Security
• NIST SP 800 30 framework
• ISO 27001/2 framework
• Knowledge of security in Agile is a plus
Min 6+ years professional experience with a focus on IT applications / information security, risk and compliance;
• Experience in Executing Threat and Vulnerability analysis (TVA) or IT Security risk assessments on IT services and applications;
• Experience with a wide range of SAP applications is a plus (no authorization management);
• Experience with Cloud security and 3rd party management;
• Experience in collecting information through research and interviews;
• Excellent English communication and presentation skills. Command of the Dutch language is a plus;
• Good working knowledge of Office suite applications like Excel and SharePoint;
• Excellent verbal and written communication skills;
• Highly-motivated, with a strong work ethic and able to work effectively under minimal supervision
• Able to operate independently, self-starter
• Ability to interact with all levels including users, engineers, executives and senior managers
• Deep technical knowledge of IT-security and Information Security and Architecture methodology.
• Ability to overcome organizational resistance
• Excellent organizational skills and the ability to prioritize multiple tasks, projects and assignments
• Analytical, precise, tenacious, autonomous
• Able to digest large amounts of new information quickly, and derive key security requirements
• Able to grasp the deep technical characteristics of new environments quickly
• Able to draft clear and concise visualizations of complex environments
• Able to fairly represent conflicting stakeholder needs to enable informed decision-making
• Able to stand your ground in a flexible / changing environment
• Able to work with rapid changing demands
The expected duration for this project is 3 months.
ASML is a world leader in the manufacture of advanced technology systems for the semiconductor industry. The company offers an integrated portfolio for manufacturing complex integrated circuits (also called ICs or chips). ASML designs, develops, integrates, markets and services advanced systems used by customers – the major global semiconductor manufacturers – to create chips that power a wide array of electronic, communications and information technology products.
Voor meer informatie neem je contact op met Glenn van den Dungen via telefoonnummer 06-13596146
Werken voor Yacht
Yacht is dé organisatie van en voor professionals. Wij verbinden professionals en organisaties die het verschil willen maken. Ons doel is optimaal resultaat: jou als professional uitdagend werk bieden waarmee jij de organisaties van onze opdrachtgevers blijvend verbetert. Behoor jij tot de beste professionals in jouw vak? Wil je samen met vakgenoten het verschil maken bij toonaangevende organisaties? We geloven dat diverse teams van belang zijn voor ons als lerende organisatie die voorop wil blijven lopen in de wereld van werk. Want juist verschillen tussen mensen zorgen voor groei. Van collega's, klanten, kandidaten en daarmee van Yacht. Heb jij een uniek talent? We ontmoeten je graag.
Uiteraard staat deze vacature open voor iedereen die zich hierin herkent.