About this vacancy
Collaborate with DevSecOps teams to integrate security tools into CI/CD pipelines and ensure effective security testing (SAST, DAST, SCA).
The role
We are looking for a skilled and detail-oriented Core Security Engineer to strengthen our security posture and ensure compliance across all levels of our Java-based applications and infrastructure. The ideal candidate will focus on security architecture, risk analysis, and vulnerability management while working closely with our development and DevSecOps teams to implement security controls and ensure robust compliance.
About the company
ASML is a successful Dutch high-tech enterprise that produces complex lithography systems used by chip manufacturers in the production of integrated circuits. ASML is at the cutting edge of this technology and delivers systems to all the world's leading chip manufacturers. ASML's employees are among the most creative talents in the fields of physics, mathematics, chemistry, mechanical engineering and software. Every day they collaborate in close-knit multidisciplinary teams in which members listen to and learn from one another and exchange ideas. It is the ideal environment for professional development and personal growth.
Offer
You will be employed by YER and seconded to our client. We offer:
- Good employee benefits
- Challenging assignments
- Excellent guidance from your consultant and YER's back office
- Development opportunities, including the YER Talent Development Programme with a personal coach
- Intensive support for international candidates (including Dutch lessons, tax-return and accommodation assistance)
- Cooperative, results-driven and relationship-driven
- Friendly atmosphere and open culture
- Community/network with other technology professionals from a variety of multinationals
- Events and master classes with interesting speakers and attractive companies
Responsibilities
- Conduct thorough security assessments, including risk analysis, threat modeling, and vulnerability assessments.
- Collaborate with DevSecOps teams to integrate security tools into CI/CD pipelines and ensure effective security testing (SAST, DAST, SCA).
- Implement and manage secret management and access control policies across all environments.
- Ensure security best practices in cloud, container, and on-premise environments (e.g., GCP, Docker, Kubernetes).
- Monitor security incidents and support the incident response process.
- Lead initiatives to implement and uphold industry compliance standards (e.g., SOC 2, EU CRA, ISO, NIST).
- Develop and maintain security policies, standards, and guidelines.
- Conduct training and knowledge-sharing sessions to promote security awareness. Educate and guide product, development, and operations teams on security best practices, fostering a strong security culture.
Education and Experience
- A Bachelor's or Master's degree in a technical field
- 3+ years of experience in security engineering or related roles.
- Strong background in Java security, secure coding practices, and risk assessment.
- Proficient in security assessment tools (e.g., SonarQube, Checkmarx, OWASP ZAP, Trivy) and hands-on experience with SAST, DAST, and SCA.
- Familiarity with infrastructure as code tools (e.g., Terraform, Ansible) and CI/CD pipelines.
- Expertise in cloud and container security (AWS, Docker, Kubernetes).
- In-depth knowledge of industry standards and frameworks (CIS, MITRE, ISO, NIST) and compliance standards (SOC 2, EU CRA).
- Excellent analytical, problem-solving, and communication skills.
Nice to have
- Experience with SIEM tools (e.g., Splunk, ELK) for monitoring and threat detection.
- Knowledge of incident response and risk management frameworks.
Skills
- Excellent collaboration and communication skills with technical and non-technical people
- You have a passion for security.
- You're able to motivate your team, foster collaboration, and give directions
- You're enthusiastic about solving complex problems and translating them into modern, elegant and simple solutions
- You like to discuss technical challenges and you're motivated to push the boundaries of technology