Sopra Steria Benelux

Junior Security Engineer

Sopra Steria Group, a major player in consulting, technology services and software publishing in Europe, assists its clients in the successful transformation of their business and information systems. By combining value and innovation in the solutions proposed, and delivering utmost quality and performance in the services provided, Sopra Steria Group positioned itself as a preferred partner for major companies and organizations; especially those looking for the best use of digital technology for their development and competitiveness. The Group has over 40,000 employees and generated a turnover of over 3.7 billion Euros in 2016. For more information, find us on www.soprasteriagroup.com.

You want to enlarge your career scope working on a multi-cultural environment, involved in interesting Security projects within the Public and the Private Sector? Check this opportunity.

Your Mission

SopraSteria is looking for Junior Security Engineers in order to reinforce its fast growing Security team.

As Junior Security Engineer, you will be part of the Security team involved in various Security projects including: cybersecurity, cryptography, PKI, reverse engineering, malware detection, penetration testing, Security of critical systems, Security Analysis,…

SopraSteria will offer you the possibility to evolve as a Senior Security Engineer, and then as cybersecurity/PKI Architect, Forensics Analyst,... 

Your Profile

-       You have a Computer Science diploma or equivalent experience

-       You have a good understanding of the security concepts

-       You are open-minded and have good communication skills

-       You have a good analytical mind and you are a problem solver

-       You speak French or Dutch completed by English.

-       Knowledge of another EU language or having studied/worked abroad in EU outside Belgium is a plus.

Your knowledge/experience

We are interested in young and willing to learn candidates having at least one amongst the following experiences:

-       Experience with network security weaknesses and mitigations both at protocol level and at equipment level (Cisco, Juniper, OpenVPN,…)

-       Skill to explain in simple term the core principle of a security mitigation, the whys behind the mitigation and capacity to drill down to the bits and bytes level if required. 

-       Experience with Windows Domain security assessment and mitigations (DC/AD)

-       Attendance/presenter to conferences similar to FOSDEM (security devroom) or Brucon.

-       Experience with Opensource or commercial Cryptography/PKI (EJBCA, Openssl, PolarSSL, PKCS#11, Opentrust, Safelayer, Microsoft CA/PKI).

-       Experience with Linux Hardened and hardening techniques for OS distros (Redhat, FreeBSD, Qubes OS, CentOS, Mint,…)

-       Experience/understanding of MacOS/iOS security models.

-       Experience with cryptographic libraries such as bouncycastle.

-       Experience with opensource or commercial single sign on protocols (SAML/Oauth2/..) and systems (Gluu, Apache ModSSO,…)

-       Experience with two factor authentication protocols and tools (FIDO U2F,…)

-       Experience with Opensource or Commercial Security Tools (nmap,nessus, Backtrack/Samurai/Kali, Suricata,  Wireshark/TCPdump, Metasploit/Rapid7 Nexpose, Hexrays, IDA pro, Ollydbg, OSSEC intrusion detection, ElasticSearch or Splunk analytics, OpenSSH, Sudo, IPchains  …)

-       Knowledge of exploitation/defense techniques of OWASP top 10 (XSS, CSS XSRF,…)

-       Experience with Virtual machine security analysis, mitigation definition,  configuration (VMware, XEN, Docker)

-       Experience with Opensource or commercial forensics

-       Experience with Security analytics (ElasticSearch or Splunk analytics, …)

-       Experience with deep learning applied to behavioral security

-       Experience with cryptographic tools such as peerio, Cryptocat, minilock, PGP, truecrypt on TCnext or similar

-       Experience with threat information exchange (f.e: MISP, …)

-       Understanding of security concept developed in tools such as blackphone, Samsung Knox, Gemalto Trusted Execution Environment, Trustonic, MobileIron, VMware/airwatch, Safenet Security tokens and HSMs, …

-       Security code review using tools such as Coverity or Fortify or opensource equivalent

-       Experience with risk management tools such as EBIOS, CRAMM or Verinice

Besides the pure security experience:

-       Knowledge of python, powershell, Perl or Ruby is a plus

-       Certification in SANS GAWP or similar is a plus.

-       Participation to hacking challenge or opensource security project as a developer is a plus (f.e: on github, …)

Retained Candidates will have the opportunity to develop unique Cybersecurity skills both via hands-on experience and education completed with a certification program in the security field (SANS, CISSP,…) complying with EU institutions and Governmental needs.

We offer

We offer the opportunity to work in a fast growing and dynamic team on challenging national and international projects in different industries. We also offer the opportunity to continuously deepen your knowledge and to further develop your personal competencies.

If you want to boost your career and join a growing European leading IT services company, do not hesitate to check this opportunity and send your resume to roberto.alvarez@SopraSteria.com