Security Engineer

Position Title: Senior ICT Security Engineer

Location: Luxembourg

Duration: 6 Months and renewable

Languages: French and English

Work mode: Onsite

CV Format: ITS19 CV + Candidate Screening Questionnaire

Job Description:

• Develop scripts and integrations to enhance vulnerability data using APIs and external sources.
• Support DevSecOps and Secure Software Development Lifecycle (SDLC) initiatives.
• Perform SAST and DAST to identify and mitigate application security vulnerabilities.
• Create and maintain Python scripts for system integration and automation.
• Deploy and manage vulnerability scanning tools in cloud, on-prem, and containerized (Kubernetes) environments.
• Analyze vulnerabilities, propose remediation actions, and track resolution.
• Execute regular vulnerability scans and compliance checks across various platforms (Windows, Linux/Unix).
• Conduct penetration testing and contribute to security assessments.
• Define security requirements and evaluate architectures for in-house and outsourced projects.
• Perform risk analysis and support ICT security across the project lifecycle.
• Administer and configure security tools; troubleshoot and resolve issues.
• Prepare reports and presentations for technical and non-technical stakeholders.
• Monitor vulnerability advisories and perform ongoing threat intelligence.
• Collaborate daily with ICT teams and management to track incidents, events, and vulnerabilities.
• Support incident response, including after-hours availability for critical events.

Requirements

• Master's degree in IT field with minimum of 6 years of relevant experience.
• At least 3 years of experience in ICT security management (e.g. ISMS implementation, security policy development).
• Minimum 2 years of experience as a team leader or project leader on major security-related projects.
• At least one ICT Security professional certification is also required.
• Strong experience in application security, vulnerability assessment, and penetration testing.
• Solid experience of SDLC, DevSecOps, CI/CD pipelines, and security testing (SAST/DAST).
• Proficient in Python and Java programming.
• Hands-on experience with vulnerability scanning and management tools (on-prem and cloud).
• Familiarity with cloud platforms (e.g. Azure, AWS).
• Good exposure on Windows and Linux/Unix security.
• Experience with automation and vulnerability notification/reporting systems.
• Excellent English (C-level, written and spoken); good command of French is an asset.