Senior Application Security Consultant (Threat Modeling)

Who are we?

It all starts with the mission: NVISO is here to protect European society from potentially devastating cyber attacks! This means we offer cyber security services to private and governmental organizations to help them better prepare for, prevent, detect and respond to cyber security incidents.

All of this is built on four fundamental values that define who we are: We are Proud, We Break Barriers, We Care and No BS.

Tasks

As an Senior Application Security Consultant, you assist clients in creating a more secure development process, you actively coach developers in secure coding and help implement security concepts into the development lifecycle. Using your knowledge of security, you will help creating more secure applications.

Projects you will work on will consist of:

• Implementing security controls inside of the development process, in order to increase the overall maturity of the software development lifecycle's at our client's.
• Presenting your roadmap to increase the maturity of our client's software development practice;
• Providing hands-on training on secure development concepts and secure coding to developers of various coding languages;
• Scope, Execute & Plan assessment type of projects including
• Threat modeling
• Architecture Reviews (software based)
• Maturity Assessments (SAMM, DSOMM,...)
• Securing the development pipeline
• Source code reviews (if interested)

Requirements

You have a strong interest in the field of IT security and believe the following to be applicable to you:

• You hold citizenship in one of the 32 NATO member states;
• A previous experience in penetration testing, threat modeling or related projects;
• Knowledge of development frameworks, application architectures and authentication systems (OpenID, oAUTH, ...)
• a deep understanding of development practices, preferably with some hands-on experience in coding yourself;
• Experience using build tools (e.g. Jenkins, TFS, maven,...);
• Strong knowledge of secure development lifecycle (SDLC) and practical implementation, requirements gathering and test planning, software architecture and secure coding;
• Hand-on experience with tooling to secure the development pipeline (SAST, DAST, ...);
• The ability to credibly talk to (top)-management in a convincing manner on security in software development;
• Experience providing software architecture security guidance, including developing application threat models and methodically protecting against business logic and design flaws that could introduce security vulnerabilities.
• Positive, team and mission-oriented attitude;
• Strong interpersonal and verbal/written communications skills that enable the ability to work effectively in a collaborative team environment;
• Excellent English communications skills, both verbal and written; Dutch and / or French is a plus;
• You are ambitious and want to help clients;
• You are willing to learn and become a better version of yourself, everyday;
• Candidates must recognize and deal appropriately with confidential and sensitive information.

Benefits

At NVISO, we care. We are committed to offering you a highly competitive remuneration package including financial and non-financial components:

• A training budget of 10.000€ and 10 days every 2 years
• Company car and Belgian fuel card
• Working and learning from the best people in the European cyber security industry. We have multiple SANS Instructors working at NVISO, our staff has presented at popular hacking conferences (BlackHat, BruCON, OWASP, etc) and all of our technical staff can acquire deep technical security certifications (GSE, GXPN, GREM, GCFA, OSCP, etc)
• An entrepreneurial and agile working environment, where you will be challenged, stimulated and supported in driving new initiatives (either through internal innovation or by improving our service offering), without losing sight of having fun!
• Regular team-building and fun events with legendary off-site events once a year. The location of the next team building is one of the most closely guarded secrets at NVISO… We can however disclose that we’ve visited Lisbon, Dubai, Malta and Lapland over the past few years;
• Our commitment to coach and counsel you and help you grow; each employee receives a personal coach within the team, whose role is to ensure your well-being and helps you grow in your career!
• Flexible working hours, working from home and even the possibility to work from abroad;
• Flex Income Plan
• 32 paid leave days

Disclaimer on the Use of AI Tools in the Application Process

Please be aware that the creation and submission of application documents (e.g. CV, cover letter, case studies, etc.) using AI-powered tools is only permitted to a limited extent.

Our expectations:

• Application documents must authentically reflect your own qualifications, personality, and motivation.
• The use of AI for supportive purposes (e.g. spell-checking, improving wording) is acceptable.
• Fully generated application documents created by AI without personal adaptation or review are not permitted.
• Under no circumstances may NVISO information, data, or documents be uploaded to or processed by external AI tools.

We reserve the right to exclude applications from the selection and interview process that are clearly created primarily or exclusively by AI and show no recognizable personal input.

The purpose of this policy is to ensure a fair and transparent recruitment process and to obtain an authentic impression of our applicants.

We are a young team of cyber security professionals who decided to do things differently. With innovation rooted in our foundations, we offer services that are up against the modern adversary and that help you Prevent, Detect & Respond to cyber attacks.

Curious for more? Say hello and meet the team!