SopraSteria is looking for Junior Security Engineers in order to reinforce its fast growing Security team.
As Junior Security Engineer, you will be part of the Security team involved in various Security projects including: cybersecurity, cryptography, PKI, reverse engineering, malware detection, penetration testing, Security of critical systems, Security Analysis,…
SopraSteria will offer you the possibility to evolve as a Senior Security Engineer, and then as cybersecurity/PKI Architect, Forensics Analyst,...
- You have a Computer Science diploma or equivalent experience
- You have a good understanding of the security concepts
- You are open-minded and have good communication skills
- You have a good analytical mind and you are a problem solver
- You speak French or Dutch completed by English.
- Knowledge of another EU language or having studied/worked abroad in EU outside Belgium is a plus.
Your knowledge/experience :
We are interested in young and willing to learn candidates having at least one amongst the following experiences:
- Experience with network security weaknesses and mitigations both at protocol level and at equipment level (Cisco, Juniper, OpenVPN,…)
- Skill to explain in simple term the core principle of a security mitigation, the whys behind the mitigation and capacity to drill down to the bits and bytes level if required.
- Experience with Windows Domain security assessment and mitigations (DC/AD)
- Attendance/presenter to conferences similar to FOSDEM (security devroom) or Brucon.
- Experience with Opensource or commercial Cryptography/PKI (EJBCA, Openssl, PolarSSL, PKCS#11, Opentrust, Safelayer, Microsoft CA/PKI).
- Experience with Linux Hardened and hardening techniques for OS distros (Redhat, FreeBSD, Qubes OS, CentOS, Mint,…)
- Experience/understanding of MacOS/iOS security models.
- Experience with cryptographic libraries such as bouncycastle.
- Experience with opensource or commercial single sign on protocols (SAML/Oauth2/..) and systems (Gluu, Apache ModSSO,…)
- Experience with two factor authentication protocols and tools (FIDO U2F,…)
- Experience with Opensource or Commercial Security Tools (nmap,nessus, Backtrack/Samurai/Kali, Suricata, Wireshark/TCPdump, Metasploit/Rapid7 Nexpose, Hexrays, IDA pro, Ollydbg, OSSEC intrusion detection, ElasticSearch or Splunk analytics, OpenSSH, Sudo, IPchains …)
- Knowledge of exploitation/defense techniques of OWASP top 10 (XSS, CSS XSRF,…)
- Experience with Virtual machine security analysis, mitigation definition, configuration (VMware, XEN, Docker)
- Experience with Opensource or commercial forensics
- Experience with Security analytics (ElasticSearch or Splunk analytics, …)
- Experience with deep learning applied to behavioral security
- Experience with cryptographic tools such as peerio, Cryptocat, minilock, PGP, truecrypt on TCnext or similar
- Experience with threat information exchange (f.e: MISP, …)
- Understanding of security concept developed in tools such as blackphone, Samsung Knox, Gemalto Trusted Execution Environment, Trustonic, MobileIron, VMware/airwatch, Safenet Security tokens and HSMs, …
- Security code review using tools such as Coverity or Fortify or opensource equivalent
- Experience with risk management tools such as EBIOS, CRAMM or Verinice
- Besides the pure security experience:
- Knowledge of python, powershell, Perl or Ruby is a plus
- Certification in SANS GAWP or similar is a plus.
- Participation to hacking challenge or opensource security project as a developer is a plus (f.e: on github, …)
- Retained Candidates will have the opportunity to develop unique Cybersecurity skills both via hands-on experience and education completed with a certification program in the security field (SANS, CISSP,…) complying with EU institutions and Governmental needs.