Learn cool things that matter!
Altran is always improving its software for our customers with strict requirements for software quality. An important part of code quality is cybersecurity throughout the entire Software Development Life Cycle (SDLC). The development process follows a Dev(Sec)Ops way of working, with a CI/CD pipeline as its backbone. This process is of course agile, and the preferred way of working is in Scrum teams.
The agility and velocity of DevOps challenge security professionals, and therefore a new approach is necessary. This is the DevSecOps method, which “shifts security left” to early in the CI/CD pipeline. Although Altran is already taking application security (AppSec) into account, we want to research new tooling that will enhance the current pipeline.
The scope of this assignment depends on the issues you have to overcome. In general we want a recommendation for the entire AppSec domain, but implementing it as a Proof of Concept is a big plus. Our ideal profile would be a software engineer with a strong interest in cyber security, preferably following a minor in this domain. All tooling for research purposes can be used as trial software or, preferably, open source.
- Write a recommendation for our security team and developers
- Research threat modeling and risk analysis in the design phase of the SDLC
- Perform research to enhance an IDE (Visual Studio, JetBrains, etc.) with static scan plug-ins for intelligent tooltips
- Enhance a CI/CD pipeline with security tooling in every stage of the process
- Research tooling such as “Compliance as Code” and/or Software Composition Analysis (checking for compliant open-source libraries)
- Create a Proof of Concept environment and reduce false positives as much as possible
- Collaborate with the security, operations and development teams and report progress
- The languages and framework are for you to choose, but we prefer skills in embedded languages such as C/C++
- Cybersecurity for operations, infrastructure and processes is out of scope
- You will enhance our innovative software for our customers by securing the code developers are writing
- Perform threat modeling and think of “evil user stories” in the design phase
- Advise on secure coding techniques
- Define secure requirements and think secure by design
- Perform risk analysis before the start of a (fictional) project
- Researching how to keep credentials safe, such as in a vault or secluded environments
- Enhance an IDE with a static scan plug-in
- Researching/implementing SAST (Static Application Security Testing) before runtime
- Researching/implementing DAST (Dynamic Application Security Testing) in runtime
- Researching/implementing vulnerability scans of third-party libraries
- Creating a clear report with an acceptable number of false positives
- Knowledge of OWASP or other standards is a plus
- Experience with Agile, Scrum and/or Kanban is a plus
Technical level: HBO/WO
Field of study: Software Engineering, preferably with cyber security as a minor
Ready to ignite your career?
As global leader in innovation and high-tech engineering consulting, we work side by side with our clients in the creation and development of new products and services. We are on the cutting edge of technology and have established ourselves as the go-to partner for technical innovation and process improvement. Altran is proud to be the leader in its field.
Are you ready to become an Innovation Maker?
Apply by pressing the yellow button and upload your CV and Cover Letter. If you have any questions call or e-mail our Recruiter Estelle van Soolingen on Estelle.firstname.lastname@example.org or +316 23 84 87 73