Position Context
In a critical, high-availability IT environment, this role aims to strengthen application security throughout the entire software development lifecycle. The position sits at the intersection of security, software engineering, and DevOps, with a direct impact on application resilience and overall security maturity.
Close collaboration is expected with Development, Application, Infrastructure, and Cybersecurity teams to integrate security best practices into CI/CD pipelines and ensure effective vulnerability remediation.
Key Responsibilities
- Analyze and remediate application vulnerabilities identified through SAST, DAST, SCA, penetration tests, and other security tools
- Fix vulnerabilities at code, library, dependency, and configuration levels
- Identify and qualify false positives to effectively prioritize remediation actions
- Integrate security tools into CI/CD pipelines (DevSecOps approach)
- Implement or optimize vulnerability detection tools
- Perform secure code reviews and architecture security assessments
- Participate in threat modeling and security design reviews
- Contribute to reducing technical debt and improving overall security maturity
- Work closely with teams responsible for OS-level and infrastructure vulnerability management
Technical Environment
- Modern CI/CD pipelines (GitLab, Azure DevOps, or equivalent)
- Containerization and orchestration: Docker, Kubernetes
- SAST / DAST / SCA tools (e.g., Qualys, penetration testing reports, etc.)
- Application stack: Java, JavaScript/Node.js, TypeScript, Angular, potentially .NET or Python
- On-premise Data Center environment
- Frameworks and standards: OWASP Top 10 and secure coding frameworks
Profile Required
- Strong software engineering background (ability to read and modify production code)
- Proven experience in application security or secure software development
- Solid understanding of common vulnerabilities and OWASP Top 10 principles
- Hands-on experience in vulnerability remediation at code and configuration level
- Good understanding of CI/CD pipelines and DevSecOps practices
- Ability to analyze scanner results and distinguish real issues from false positives
- Comfortable working in a high-availability environment
- Strong collaboration skills with technical and security teams
Nice to Have
- Experience in threat modeling
- Knowledge of cloud security environments
- Familiarity with vulnerability management processes
Expected Technical Skills
- Java (Advanced)
- DevOps (Advanced)
- Docker & Kubernetes (Advanced)
- Git (Advanced)
- Middleware (Advanced)
- SDLC (Advanced)
- Angular (Intermediate)
- Spring Boot (Intermediate)
Languages
- English: Full professional proficiency
- French: Professional working proficiency
This position is suited for a senior technical professional who aims to play a key role in securing critical applications and actively contribute to a structured and mature DevSecOps approach.
Opportunities are numerous. From bare applications development to of IT infrastructures management including conception, architecture and requirements analysis.
Although open to technologies used by our customers, ABAKUS IT-SOLUTIONS seeks mainly but not only consultants mastering: Windows and Linux Servers, networks, developments (JAVA, SAP, .NET,…) as well as highly specialized experts for example in cybersecurity or in Content Management System (CMS) (SharePoint, Drupal, WebLogic…).
In terms of non-technical competencies, ABAKUS IT-SOLUTIONS hires dynamic persons, open to the world, interested by innovation and having a keen sense of client relationship.
A very good command of English is essential, the capacity to speak French, German or Dutch is an asset.
Even though most of our positions require at least 3 years of experience, some are open to new starters.
