General Information

Company
Deloitte
Department
Enabling Functions
Primary location
Zaventem
Area of interest
Technology
Industry
Industry Agnostic
Recruiter
Al-Mbaidin, Kais - kalmbaidin@deloitte.com

Job description

Your journey with us

The Application Security Compliance Engineer will play a key role in safeguarding the organization’s applications and systems by ensuring adherence to global and industry security standards. This role involves reviewing security documentation for new and existing applications, assessing their compliance posture, and providing expert guidance on remediation and secure development practices. The ideal candidate will have deep knowledge of application security, penetration testing methodologies, and secure software development lifecycle (SSDLC) frameworks.

Key Responsibilities:
  • Review and assess security documentation (e.g., security design reviews, risk assessments, and threat models) for new and existing applications.
  • Ensure that applications comply with internal Global Security Standards and external industry frameworks (e.g., ISO 27001, NIST, OWASP).
  • Collaborate with application development teams to integrate security into all stages of the SSDLC.
  • Analyze and validate results from DAST, SAST, and Open Source Software (OSS) scanning tools, ensuring findings are accurate and risk-prioritized.
  • Review and validate penetration testing findings, providing guidance on remediation steps and challenging results when discrepancies arise.
  • Partner with pen test teams, developers, and project managers to track and close security findings within defined timelines.
  • Provide expert advice on secure coding practices and assist in the evaluation of security controls in new applications or technologies.
  • Stay current with emerging threats, vulnerabilities, and application security trends.
  • Contribute to continuous improvement of the organization’s security review and testing processes.
Let's talk about you
  • Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent practical experience).
  • 4+ years of experience in Application Security, Penetration Testing, or Security Assessment roles.
  • Strong understanding of application security principles, OWASP Top 10, and common attack vectors.
  • Hands-on experience with DAST, SAST, and OSS vulnerability scanning tools (e.g., Burp Suite, Snyk, Checkmarx, Fortify, SonarQube, etc.).
  • Familiarity with secure coding standards and the Secure Software Development Lifecycle (SSDLC).
  • Ability to interpret and evaluate penetration testing results, identifying false positives and prioritizing true risks.
  • Excellent communication skills with the ability to articulate security risks to technical and non-technical stakeholders.
  • Strong analytical and problem-solving abilities with attention to detail.
  • Professional certifications such as OSCP, CEH, CISSP, CSSLP, GWAPT are a plus.
  • Understanding of cloud security principles (AWS, Azure).
Highly skilled and motivated professionals in our IT Team support different projects to deliver innovative solutions and provide specialized operational guidance to our internal clients each day. IT's mission is to embed technology that supports the 'Deloitte way' of doing business, providing a distinctive experience that enables new business, transforms the existing business and provides world-class customer support.