Cryptography & Security Specialist

Job DescriptionOur client, a leader in pioneering technology, is dedicated to solving some of humanity’s most complex challenges. In partnership with key industry players, they offer cutting-edge patterning solutions that are integral to the progression of microchip technology. If you're passionate about incorporating security into processes and Information Technology, this might be the perfect opportunity for you.Job MissionAs a Cryptography and Security Specialist, you will join the Application Security team within the Technology Security Competence Center (TSCC), a segment of the Risk & Business Assurance (R&BA) department. Your primary responsibility will be to analyze security systems for potential vulnerabilities that could be exploited. This role involves identifying weaknesses and advising on the application and strengthening of cryptography. You will also be instrumental in identifying and testing new technologies that could be integrated into the organization's framework.Your duties will include conducting comprehensive security assessments, primarily focusing on new and existing applications and IT services. Additionally, you will provide assistance and advice on security-related queries in projects, and contribute to driving security enhancements. This role requires regular interaction with stakeholders at various levels within IT and across different sectors of the organization.This position plays a crucial role in safeguarding the organization’s information, Intellectual Property (IP), and assets, as well as those of their customers and suppliers, within the scope of the proposed solutions. This entails ensuring alignment with the organization's Information Security strategies and compliance with security policies, standards, and guidelines. It may also involve proposing additions and improvements to these standards to enhance overall security.

As a Cryptography and Security Specialist, you will be responsible for:Giving advice on which cryptographic tools/products to use and how to embed these in the environment.

Giving advice on which form of encryption best fits the environment, taking into account different factors, i.e., the classification of the data.

Keeping your knowledge up-to-date, especially in the cryptographic domain.

Setting up and monitoring governance and (co-) setting up processes and monitoring of these processes.

Performing project intake assessments in cooperation with the Project Security Officer.

Assessing applications and systems to be implemented or actual implementations based on assessments of high- and low-level designs, interviews and/or testing.

Assessing existing or new IT services (on premise or cloud) on technical vulnerabilities and weaknesses based on ASML process and tooling.

Translating assessment results into an Information Security Specification (security plan for service).

Communicating observations to the relevant stakeholders, advising on mitigation and following up on actions.

Adding information to the different security registers from Business Impact assessments (BIA’s), IT Security Assessments (ITSA’s), penetration/security tests, vulnerability scans, exceptions and other sources.

Adding information to security finding register, which contains all security assessment findings and risks that are reported within the TSCC, and is used to follow up on security assessment findings.

Improving and maintaining an Application Security Register, manage and follow-up on actions and register application progress.

Keeping track of follow-up actions and deliver management reporting.

Representing, on occasion, the TSCC in IT projects and intake boards where required.

Assessing IT security exception requests on validity and providing advice to the team lead application security and business stakeholder for acceptance or rejection including advice on additional security controls.

Improving procedures to keep the security registers, application registers and assessment processes up to date.

Creation and execution of roadmaps, standards, design patterns and frameworks, specifically on cryptography. Working together with different stakeholders within and outside of ASML e.g., external auditors and Core IT services.

Creation of cryptography KPI’s, assuring right cryptography within ASML is being used.

Advising on strategic future developments in cryptography.

Updating and maintaining security baselines and standards.

Assisting IT Security risk management.

Training and coaching DevOps teams on security aspects, standards and security solutions in CI/CD.

Requirements

Education and experience:Bachelor’s or Master’s degree in mathematics in combination with cybersecurity/information security (or equivalent experience).

Valid industry certifications such as CISSP, CISM and/or CISA are a plus.

CCSP or equivalent is a plus.

Required Experience:Min 6+ years professional experience with a focus on IT applications / information security, risk and compliance.

Strong mathematical/algorithmic understanding of symmetric and asymmetric cryptography, hash functions, digital signatures etc.

Experience and good hands on knowledge of PKI and certificate management in complex large enterprise settings, including Business Analysis.

Experience with tools/products (i.e. Docker) where cryptography is embedded is a plus.

Experience in executing Threat and Vulnerability Analysis (TVA) or IT Security risk assessments on IT services and applications.

Experience with a wide range of SAP applications is a plus (no authorization management).

Experience with Cloud security and 3rd party management.

Experience in collecting information through research and interviews.

Good working knowledge of Office suite applications like Excel, SharePoint and Teams.

Deep Knowledge of current security technologies and governance processes.

IT audit experience is a plus.

In-depth working knowledge of IT Risk / security frameworks and best practices, such as: NIST Cyber, security, framework, ISF Standard of Good Practice for Information Security, NIST SP 800 30 framework, ISO 27001/2 framework.

Knowledge of the Scaled Agile Framework (SAFe) is a plus.

Required Skills:Working at the cutting edge of tech, you’ll always have new challenges and new problems to solve – and working together is the only way to do that.

You won’t work in a silo. Instead, you’ll be part of a creative, dynamic work environment where you’ll collaborate with supportive colleagues.

There is always space for creative and unique points of view. You’ll have the flexibility and trust to choose how best to tackle tasks and solve problems.

Competencies:To thrive in this job, you’ll need the following skills:

Able to operate independently/with minimal supervision, self-starter.

Ability to interact with all levels including users, engineers, executives and senior managers.

Analytical, precise, tenacious, autonomous.

Knowledge of IT-security, Information Security and Architecture methodology.

Ability to overcome organizational resistance.

Excellent organizational skills and the ability to prioritize multiple tasks and assignments.

Able to manage large amounts of new information quickly; grasp the deep technical characteristics of new environments; draft clear and concise visualizations of complex processes and environments, stand your ground in a flexible / changing environment.

Enclose a personal motivation from the candidate for this position.

Even if you don't perfectly align with the current position, we encourage you to apply.We have several vacancies open and your application keeps you in consideration for this role and other relevant openings in the future.RequirementsA Bachelor's or Master's degree. Minimum of 5 years of experience in full-stack Java software engineering, including Java 11 and Spring. Experience with distributed software architectures and cloud-based hosting (preferably Azure). Back-end development proficiency with some front-end (web) development exposure. Knowledge of Continuous Integration, Build, and Deployment practices, tools, and trends. Comprehensive understanding of Java development methods, IT architectures, and common development tools. Skill in writing SQL database queries. Experience in the financial sector is preferable. Familiarity with tools like Azure DevOps and Splunk monitoring. A flexible, proactive approach with a strong analytical mindset and result orientation. Excellent oral and written communication skills in English.

---