What you will do
As a Security Analyst you will be performing security testing on PON’s applications and IT infrastructure. Apart from this, you will be working in the Security Operations Center handling complex security incidents and ensuring that appropriate countermeasures are taken in a timely manner.
Roles and Responsibilities
- Execute engagements in application security assessments, infrastructure security Penetration Testing, and Vulnerability Assessment on IT infrastructure, interpret the results and determine the business impact together with the security managers and the business.
- Profile applications, identify threats, and develop test cases to target the identified threats.
- Identify and exploit vulnerabilities in applications and infrastructure.
- Prepare reports documenting identified issues based on guidelines and industry standards.
- Interact with business in a collaborative consultative manner to deliver results, provide feedback and remediation recommendations on findings.
- Act as a consultant/advisor in presenting risk and mitigation controls to the business based on the assessments, for example identify potential vulnerabilities based on misconfiguration, policy, or design flaws on the organization’s IT applications and infrastructure.
- Perform validation on Responsible Disclosures and provide remediation recommendations to business and development teams to mitigate vulnerabilities.
- Apart from these responsibilities, the analyst will be working on various technologies in the Security Operations Center, such as Endpoint Detection and Response, SIEM solutions, threat intelligence, etc.
- Be a team player, sharing your knowledge and skills with your team and learning from your teammates.
What we ask of you
As a Security Analyst you should be innovative, independent and a critical thinker. We expect you to be vigilant at all times so that you can prevent PON’s crown jewels from being stolen, damaged or compromised by hackers.
Desired Technical Experience
- A minimum of around 3-5 years of experience in security penetration testing.
- A minimum of a Bachelor’s degree and relevant certifications such as OSCP, GIAC, etc.
- Experience in security testing using the OWASP Top 10, OSSTMM, SANS 25 standards as reference in Web Application Security Assessments.
- Profiling applications, identifying threats, developing test cases and relevant threat models.
- Experience in exploitation of vulnerabilities in applications, networks and IT infrastructure.
- Experience in security testing of mobile applications/APIs on Android/iOS.
- Experience with tools like Burp Suite, Charles Proxy, OWASP ZAP, Fiddler, Acunetix, Netsparker, Nessus, Nexpose, Wireshark, Nmap, etc.
- Experience in researching emerging security topics and new attack vectors.
- Knowledge of technologies like IPsec, SSL, SSH, VPN, DNS, SMTP, FTP.
- Open to learning new things and a hands-on mentality.
- Preferably purple team skills such as penetration testing, investigation and root cause analysis, red teaming techniques, tactics and procedures, and incident response, or an eagerness to learn these.
*Desired but not mandatory. If you do not meet the full experience, we would still like you to apply.
Skills and Ability
- Excellent written and verbal communication skills in English and preferably also Dutch.
- Good interpersonal skills, team player.
- Should be an independent self-starter.
- Should be able to work 4 days on-site in Almere based on a 40 hour contract.
Note: Pre-employment screening may be performed.
What we offer
You will become a member of a growing team with ambitious colleagues who are open to innovative ideas and knowledge sharing within a dynamic company. Furthermore, we offer:
- A competitive salary
- A performance bonus of up to 8%
- A pass from ‘Shuttel’
- A cell phone and laptop
- 20 vacation days per year based on full-time employment
- An ‘individual choice budget’, consisting of: 8% holiday allowance, 13 extra-statutory leave days, € 300 gross employer contribution ONVZ (if applicable) and € 600 gross employer contribution private lease on an annual basis
- A good pension scheme from Pon
- The opportunity to influence your working hours, travel time and workplace by means of “Smart Working”
- The possibility to work on your development through our summer and winter labs, but also through training and following various courses
- Participation in Pon Fit activities, such as bootcamps, running events, golf clinics, hockey, etc.
- The possibility to make use of the collective health insurance (ONVZ) (with discount)
- Staff discount on Pon’s own products and services with a maximum of € 500 per year
About the organization
Pon is an international trade and service organization with almost 16,000 employees spread over 112 companies in 34 countries and one of the largest family businesses in the Netherlands.
Information technology is becoming increasingly important to Pon. Pon IT’s vision is to create a highly dynamic environment in which people and their commitment and talent determine the correct use of information & technology, making our companies even more successful.
Partly due to the digitization of our business, information security is of great importance. At Pon it is our mission to provide all our products and services with the necessary security measures. In the unlikely event that something goes wrong, we will respond quickly and adequately.
Pon IT works for various Pon companies and provides expertise and services in the areas of cloud, network, collaboration, data analytics, information security and user support. Our ambition is to deliver a portfolio of digital services that enable our customers to innovate and make a difference for their customers. Our focus is to automate our processes where possible, which benefits the speed of our services.
You will have two or three interviews with colleagues.
During these interviews we will discuss 1 or 2 cases.
After the two interviews you will discuss the employment conditions with HR.
Applying for a Certificate of Good Behavior (VOG) is an integral part of our employment procedure. We apply for the VOG for you in the digital environment of the government Justis.
Do you have questions about the position or the expectations? Please contact Alexander Garrelfs: