Bachelor (EQF 6)
The post of Senior Specialist – DevSecOps & Cloud Native Security Engineer is located in the Embedded ICT Security Team, ICT Infrastructure & Operations Unit, ICT Department, Capabilities Directorate.
The ICT Department has the responsibility for devising, delivering and operating critical technology capabilities and solutions supporting the core mission and support processes of Europol. Over 150 internal staff members and a significant number of domain-specific consultants are responsible for devising, developing, delivering and operating information management and communication technology capabilities that ensure enhanced criminal information analysis and exchange among Europol, Member States and third parties.
The ICT Infrastructure & Operations Unit is responsible for the operations and management of the Europol ICT Infrastructure. This includes Workplace services, Customer Service Centre, Solutions Operations and Deployment services, Infrastructure services and ICT Security.
The ICT Security team is responsible for the organisation-wide implementation of common security practices and controls and for ensuring the delivery of secure solutions and products while maintaining an efficient security detection and response capability.
Purpose of the post:
The successful candidate will, together with fellow security experts, promote and support integrating security into the organisation’s software development life cycle while fulfilling security requirements within continuous integration, development and release processes.
She/he will also be responsible for defining consistent Secure Software Development Lifecycle practices for all Europol ICT projects throughout the planning and delivery cycles that assure mitigation of application security vulnerabilities while also evaluating, recommending, and implementing application security related software in an automated continuous integration/deployment environment.
Functions and duties:
The successful candidate will carry out the following main functions and duties:
- Collaborate with product development and solution teams proactively to manage software security risk aligned with business goals;
- Create documentation and training material to educate development teams and other stakeholders on key security concepts;
- Implement and improve the Software Delivery Life Cycle (SDLC) and secure coding practices, application security requirements, automation, training, and metrics and integrate threat-modelling practices into the SDLC;
- Perform Security Architecture and Low-Level Application Security Design reviews involving: Data Protection, Authentication and Authorization, Web Application Security and Network Security;
- Design secure software development and delivery systems meeting objectives such as speed, scalability, robustness, zero-trust, automation and supportability;
- Perform risk-based, technical assessments of applications, using dynamic and static scanning tools;
- Work with stakeholders in solution development and management to develop formal application security requirements and standards within Europol’s SDLC process;
- Provide expert security advice (design, coding, testing, etc.) to the software engineering community, to InfoSec, DevOps and other colleagues;
- Deliver and maintain cyber security solutions and components, with a specific focus on cloud-native technologies (containers based on Docker/Kubernetes, etc.);
- Design, build, support and perform day-to-day system management with regard to cloud-native security components, on-premises as well as on public cloud deployments (AWS and Azure Cloud) and implement security policies;
- Support Europol’s Hybrid Cloud initiative, including security governance, risk assessment, data protection, cloud-based identity and access management, technology/provider-specific architectures and monitoring/analytics both for on-premises cloud native and public cloud instances;
- Design, build and support AWS/Azure cloud security architectures;
- Perform any other tasks in the area of competence as assigned by the line management.