The European Patent Office is seeking a Software security and quality expert (administrator)

in DG 2 - IM, PD Service Creation, Dept. Common Build Services

Place of employment: The Hague

Job group 4
Grade G7 G10

Deadline for applications: 29.3.2016

The mission of the Common Build Services department is to provide a framework to support and manage the standardised creation of new IM services and to ensure that services provided by external suppliers follow similar principles to maximise the efficiency of software delivery, allow full control by IM Service Operations of the applications in use, and ultimately guarantee the quality of software delivered to our internal and external users.

Main duties

The software security and quality expert will be responsible for:

-Elaborating, in collaboration with other groups within the organisation (CIO Office, E&I, etc.), the IT security standards relevant to the area of reference in accordance with the EPO security policies
-Maintaining coding guidelines for the software stacks used at the EPO
-Creating guidelines and patterns to support the implementation of standards
-Improving existing activities within the secure system development lifecycle, including templates relating to security requirements, security testing, threat modelling, automation of security and quality checks on the code produced within the EPO's continuous development environment, and third-party open-source compliance
-Supporting projects in the definition and review of security requirements and the definition of security tests and acceptance criteria for their validation
-Supporting critical projects in threat modelling analysis on the proposed solution architecture for both internal and external developments
-Managing scope and co-ordinating corrective actions stemming from reports of third-party code reviews and penetration tests
-Participating, when required, in the other activities of the Common Build Services team
-Monitoring technology and forecasting potential technological developments

Candidate profile

The ideal candidate will have

-very good knowledge of processes generally involved in the delivery and acceptance of new IT solutions, and proven experience in activities relating to security and quality
-the ability to interact with several project teams comprising internal and external EPO staff in parallel and to provide guidance on the main duties requested and the IT security policies of IM/the EPO
-the ability to work under pressure to strict deadlines and to prioritise effectively in line with the deliverables for the unit or project
-the ability to understand, present and integrate new concepts, methodologies and external standards in the area of software security and quality at the EPO
-the ability to work both independently and as a team player, and to supervise co-workers
-strong analytical skills and the ability to present complex concepts in simple terms
-a proactive approach to identifying own development needs and an ongoing commitment to learning and self-improvement
-the ability to actively and consistently create a collaborative and constructive working relationship both inside and outside the department
-a service-oriented attitude aimed at delivering a reliable, accurate and timely service
-well-developed communication and influencing skills combining a high level of fluency, clarity and confidence, and the capacity to create a positive and credible image, with the ability to gain buy-in using compelling, well-thought-through arguments

Skills and qualifications

-Knowledge of methodologies in the area of requirements, with particular emphasis on security requirements
-Very good knowledge of SDLC and Secure SDLC methodologies
-Very good knowledge of code reviews, penetration testing, threat modelling and security test methodologies
-Thorough understanding of potential attack vectors such as OWASP Top 10, CWE/SANS Top 25 and countermeasures
-Knowledge of mainstream tools for static and dynamic code analysis
-Experience with validating software maintainability requirements
-Knowledge of enterprise and security architecture frameworks such as TOGAF, SABSA
-Profound knowledge of authentication and authorisation standards and industry best practices
-Solid experience with infrastructure and application-level security (10+ years)
-Relevant certifications or equivalent training in the area of software security (i.e. CSSLP, CISSP)
-Knowledge of ArchiMate would be an advantage

Minimum qualifications

-Diploma of completed studies at master's level or - in exceptional cases - equivalent professional experience. Excellent knowledge of one official language (English, French or German) and ability to understand the other two.
-Citizenship of one of the member states of the European Patent Organisation.

Salary and benefits

The EPO offers competitive salaries, an excellent social package, and varied work in a modern international environment. The net (basic) monthly salary* for this vacancy ranges from EUR 5 223 to 7 396, depending on experience. In addition, depending on their personal circumstances, EPO staff may be entitled to relocation benefits and various allowances (e.g. household, dependant's, childcare, education, expatriation, installation, rent and language allowance).

Process and timeline

The successful candidate will be selected on the basis of qualifications, supplemented as appropriate by interviews, tests and/or a personality questionnaire.

It is intended to hold the interviews in calendar week 15 (2016) in The Hague.

Application until: 29.3.2016

Please apply here: