Application Security Specialist (m/f) - Ref. IT-APS

Published on 25/11/2021

Commission de Surveillance du Secteur Financier (CSSF)

Spoken languages: FR, EN, DE, LB


In order to reinforce its Security team, the CSSF is looking for an Application Security Specialist. The primary role covers the integration of security processes within the current software development lifecycle (SDLC). Besides the SDLC role, the job holder will also act as a Tier 2 incident handler for application-related security incidents.

The job also includes threat hunting in application logs, based on alerts generated by our application stacks. The goals are:

  • Better risk handling in the in-house applications
  • Better threat detection
  • Quicker handling of detected threats
  • Reduced overall vulnerability of the systems

The analyst will also participate in Red team vs Blue team exercises as a blue teamer.

Role & responsibilities

  • Understand business risks and be able to translate them into possible technical weaknesses in the applications
  • Create and maintain detection use cases for web server and application threats
  • Create and maintain a continuous security validation platform closely linked to the classical continuous integration platform
  • Understand and enhance the current application security integration inside the software development lifecycle (SDLC)

Your profile

  • At least a Bachelor’s degree (Bac +3) in computer science. Certifications related to the technical skills mentioned below are an asset
  • Minimum two years of professional experience as a developer (previous experience as an Application Security Specialist is an advantage)
  • Good general knowledge of cyber-attacks, post-exploitation techniques, and vulnerabilities commonly exploited in the web environment
  • Being able to read and understand configurations of classical web application servers like Apache, Tomcat, Jetty or IIS
  • Knowledge of OWASP and web intrusion test methodologies
  • Good skills in Linux environments
  • Knowledge of Docker and associated orchestration tools
  • Practical use of the OWASP ASVS and SAMM frameworks is an advantage
  • Previous experience in a pentest team is a real asset
  • Excellent skills in French and English, written and spoken. Knowledge of Luxembourgish or German is an asset
  • Pragmatic, solution-oriented approach
  • Open-minded and structured
  • Organized, with excellent collaboration and communication skills
  • Dynamic, proactive and motivated
  • Being able to work both autonomously and within a team

The successful candidate (m/f) will be hired as a public employee (“employé de l’Etat”) under a permanent contract. If the candidate meets the required conditions, s/he will be asked to apply for admission to the status of civil servant (“fonctionnaire de l’Etat”).

Prior to the conclusion of the contract, the candidate must submit an extract from the criminal record (bulletin n°3), less than 2 months old, in order to prove their conduct and integrity.

Commission de Surveillance du Secteur Financier (CSSF)

283, route d’Arlon
L-1150 Luxembourg
