Jobs

For our office in Rotselaar we are currently looking for the following profiles. If you are interested in applying for one of these jobs, please contact us here.

Senior Penetration Tester

You can break into a web application with your eyes closed and your hands behind your back. You have hands-on experience with Kali, Metasploit, Burp, ... You solved all the lessons in OWASP WebGoat without looking at the solutions guide. If you don't find a bug, you keep testing until you find an issue that can bypass all security controls. You are a white-hat hacker who wants to improve Internet security and help customers sleep better at night. During holidays you visit security conferences like Black Hat, CCC, BruCON, ... You speak fluent Dutch and don't mind working with other penetration testers.

Senior Software Security Expert (SSSE)

ZIONSECURITY is looking for a motivated Senior Software Security Expert!

Profile

The Senior Software Security Expert (SSE) is responsible for web application testing, source code analysis, manual pen testing, SDLC coaching and training.

The SSE will help our customers to detect their security vulnerabilities, triage them and help to solve or mitigate the business risks using manual and automated tools. You will help our customers to define and install a Secure Development Lifecycle in an agile way of working.

Requirements

  • Minimum 4 years of experience in Information Security
  • Vulnerability Research & Exploit Development
  • Penetration Testing Execution Standard Automation Framework (PTES)
  • Experience with coaching and training developers in application security
  • Development experience in languages like Java, Python, Ruby, PHP, .Net, Angular, Android, iOS, ...
  • Penetration Testing - WebInspect, Acunetix, Netsparker, AppScan, Fortify, Checkmarx, Veracode, Burp Suite, NMAP, Nessus, Metasploit, Core Impact, Qualys, Kali Linux, Samurai WTF, OWASP ZAP, SQLMap and manual testing

Experience

  • Red Team Operations
  • Experience with debugging and fuzzing
  • OWASP Top 10 security testing methodology
  • ISO 27034
  • Experience with SDLC like Agile, DevOps & Waterfall
  • Software development experience

Certifications

  • OSCP - Offensive Security Certified Professional
  • GXPN - Exploit Researcher and Advanced Penetration Tester



Education

  • Bachelor or Master in Computer Science or proven hands-on experience
  • GIAC Penetration Tester (GPEN)

IAM Security Consultant

The IAM Security Consultant will help ZIONSECURITY customers with the security architecture of the new identity paradigm in hybrid infrastructures and applications.

The IAM Security Consultant is responsible for implementation and best practice coaching for our biggest customers. They help translate business and security requirements into technical requirements and implement them. The role requires both broad and deep knowledge of technology and identity management, with the ability to architect solutions by mapping customer business and security problems to our IAM solutions.

POSITION REQUIREMENTS:

  • Minimum 3 years of experience in Identity & Access Management (IAM), including designing and architecting solutions based on client requirements.
  • Minimum 3 years of experience with configuration and implementation of packaged or custom IAM solutions including:
    • Design and develop automated lifecycle and reconciliation of IT resources
    • Request-based application and resource provisioning
    • RBAC to entitled applications and resources
    • Role based resolution of approvers for request approval flows
    • Single Sign-on including technologies like SAML, OAuth, JWT, ...
  • Minimum 3 years of experience in consulting and implementation of IAM solutions across various service areas/groups.
  • Minimum 3 years of experience in at least two of the following IAM Functional Skills:
    • Access Management
    • Identity Governance
    • Directory Services
    • Identity (De)Provisioning
    • Identity Management
    • Identity Management as a Service
  • Minimum 3 years of experience in at least two of the following IAM Vendor technologies or skills:
    • Oracle product Suite, IBM, CA SiteMinder, ForgeRock, Okta, PingIdentity, Auth0, CyberArk, NetIQ, UserCube, Microsoft Identity, Microsoft Azure
  • Demonstrated creativity in complex problem solving and ability to work under pressure
  • Strong project/program management experience
  • Ability to take business problems, existing processes and technology and translate these into service and process requirements
  • Effective communicator with great interpersonal skills and the ability to be credible with clients
  • Strong analytical skills with a structured problem-solving approach
  • High energy levels and commitment to stringent timelines
  • Ability to innovate and multi-task with minimal oversight
  • Strong written and verbal communication skills with the ability to present documentation and influence decision making
  • Staying up to date with the latest trends in Security, Identity & Access
  • Evangelizing trends within the team
  • Ability to detect and report business opportunities, transforming customer business cases into new projects

DESIRED QUALIFICATIONS:

  • Exposure to IAM practitioners and experts
  • Prior work experience serving C-Level clients as a security consultant
  • Industry-adopted security certifications (e.g. CISSP, ISO27000, ...)
  • Certification in IT operations or project management (ITIL, PRINCE2, ...)
  • IAM vendor or industry certification such as:
    • Certified Identity and Access Manager (CIAM)
    • ForgeRock Certified OpenAM Specialist
    • Oracle Identity Management - Security Administrator
    • Oracle OIM Suite Plus 11g Implementation Specialist, etc.
    • Certified CA SiteMinder Administrator
  • Bachelor or higher degree in a technical field (e.g. Computer Science, Engineering)
  • Prior experience in deployment and implementation of custom applications
  • Experience with any of the following security areas:
    • Information risk, privacy, and strategy (i.e. security and privacy policies, risk assessments, or security and privacy compliance)
    • Application security (i.e. application security testing or security integrations with Systems Development Lifecycle (SDL))
    • Infrastructure security (i.e. securing networks and servers or security monitoring)
    • Data security or encryption
    • GDPR
  • Prior experience with any of the following:
    • Identity lifecycle
    • Authentication Methods
    • Authorization models
    • SSO WAC technologies, Enterprise SSO
    • Federation
    • Privileged Account Management, Privileged User/Identity Management
    • Directory Services, Meta-Directory, Virtual Directory
    • Entitlement Management
    • OAuth, OpenID Connect
    • JWT
    • SAML
    • XACML
    • JSON, REST, SOAP
    • HTML5, jQuery, Angular, React, Node.js
    • Microsoft Azure
    • Amazon Web Services