You want to join Excellium because… You are curious, motivated, and passionate!
Integrated within dynamic and passionate teams, as our new Confirmed Application Security consultant, you will have the opportunity to fully invest yourself, innovate and create with the latest technologies. You will quickly find your place at Excellium. To help you understand our business and the challenges of our customers, and to support them, we regularly organize meetings, workshops and training. We will thus help you level up your skills and position you on stimulating projects adapted to your profile and enabling you to surpass yourself.
Excellium is looking for a senior penetration tester to join the Intrusion and Application Security (IAS) Department based in Luxembourg. With more than 160 engagements performed in 2020 despite the pandemic, the IAS department is one of the largest offensive teams in Luxembourg. The department has two practices where consultants specialize in either Application Security or Intrusion activities.
As an Application Security (AppSec) consultant, you help clients identify vulnerabilities in different kinds of applications (web, API, mobile, desktop), as well as helping them in the following activities:
◼ Integration of the security in the software development life cycle
◼ Identification of tailored remediations for specific technology contexts
◼ Implementation of security tasks in CI/CD pipeline
◼ Training of developers in secure coding
◼ Study and presentation of new vulnerabilities to developers, etc.
At Excellium, we see AppSec as a combination of offensive and defensive approaches and mindsets. Indeed, our AppSec consultants are able to break into applications as well as add defensive measures to them. A strong personal investment is required to tackle both sides, but it is both fascinating and rewarding.
The “confirmed” seniority level means that you have proven consultancy experience, with the capacity to work both in a team and autonomously. You are already able to identify vulnerabilities in an application and provide suitable countermeasures, as well as effective code samples representing your remediation proposal.
A confirmed consultant is expected to demonstrate experience in three or more application security areas which are judged as essential:
◼ Web, API, mobile (Android/iOS), desktop application penetration testing: not all are needed but you must have experience in at least one of them.
◼ Software development: you must know how software is created from the design to the release phase in collaborative projects.
◼ You must know how to develop software in one major programming language (e.g. Python, Java, C++, .NET…).
◼ CI/CD pipeline: You must be able to create or enhance a CI/CD pipeline in order to add security-related tasks.
◼ Coding / Scripting: You must be able to create Proofs of Concept as well as code samples in order to:
◼ Prove the vulnerability that you found.
◼ Help development teams to remediate an identified vulnerability.
◼ Create custom tools or enhance existing ones in case of need.
◼ Create and give training: You must be able to create a complete training about an AppSec topic as well as enhance existing training.
◼ You must be able to deliver training to various audiences composed of technical and non-technical people.
In addition, the candidate is expected to have:
◼ Excellent spoken and written communication skills, as explaining a vulnerability is just as important as finding it! Languages: English (Mandatory) and French (Preferred).
◼ Ability to work both autonomously and with peers.
◼ If you are a big enthusiast of IT security, curious and on the lookout for the latest news, security holes and technological advances, then apply!