Application Security Expert

Arηs is a fully independent group of companies specialized in managing complex IT projects and systems for large organisations, focusing on state-of-the-art software development, business intelligence and infrastructure services.

We are composed of 17 entities across 9 countries that are unified by the Arηs Group, with more than 2500 consultants. This corporate structure enables us to respond quickly to market changes and customer requests, and to communicate and make decisions without layers of bureaucracy.

Our success can be attributed to the synergy among our nine complementary entities, combined with our methodologies, which are based on the Rational Unified Process (RUP) and the Scrum agile software development framework.

• Mapping and highlighting clients' application security risks.
• Preparing assessment reports detailing application security risks and their criticality.
• Recommending actions to address identified application security risks.
• Assisting clients in establishing processes and requirements for monitoring and auditing application security risks.
• Developing guidelines based on OWASP ASVS.
• Drafting security requirements (NFR, technical requirements) for client applications.
• Developing audit requirements within the context of SSDLC (Secure Software Development Life Cycle).
• Establishing processes and requirements for centrally managing vulnerabilities in applications and infrastructure.
• Registering application security risks and managing them effectively.
• Supporting clients' information security services in identifying necessary application security audit tools and skills.
• Set up application security audit processes for clients.
• Providing knowledge transfer of policies, standards, and methodologies to clients' information security services.
• Working with a data centre distributed between Amsterdam and AWS, supporting around 1,000 servers.
• Managing security for more than 100 exposed URLs serving around 40 external-facing applications.
• Supporting public cloud hosting solutions (IaaS, PaaS, SaaS) including MS Azure, SAP SuccessFactors, Cisco WebEx, AWS, etc.

• Bachelor’s degree in Computer Science, or related field.
• Minimum of 6 years of experience in application security or a related field.
• In-depth knowledge of application security risks and mitigation strategies.
• Familiarity with OWASP ASVS and SSDLC.
• Experience with public cloud environments (AWS, Azure, etc.).
• Strong understanding of security requirements (NFR, technical requirements) and audit requirements.
• Proficiency in establishing and managing security processes and requirements.
• Excellent communication skills with the ability to convey complex security concepts to non-technical stakeholders.
• Relevant certifications such as CISSP, CISM, or similar are a plus.