Secondment via YER
IT & Telecom
About this vacancy
We at ASML enable groundbreaking technology to solve some of humanity’s toughest challenges. Together with our partners, we provide leading patterning solutions that drive the advancement of microchips. Would you like to contribute by having security embedded in the processes and Information Technology?
Currently we are looking for a talented candidate who would like to work with an amazing multicultural team of Security professionals, would like to work on cool projects, and collaborate with a group of experts. Technology Security experts think ahead and possess the best skillset for their role. Are you one of the most talented and creative minds? If yes, please apply for this role and be a Security Champion for ASML!
As a Big Data Security Specialist you are part of the Application Security team within the Technology Security Competence Center (TSCC) which is part of the Risk & Business Assurance (R&BA) department of ASML Corporate.
You will be responsible for conducting detailed and in-depth security assessments both new and existing data-centric applications within ASML, assist and advice (big)data-related projects on security related questions and help drive the security improvements for ASML. You will be interacting with stakeholders on different levels in ASML IT, but also within ASML sectors. In this role you will also be participating in PI events and as a Subject Matter Expert (SME) involved in the Agile Release Trains (ARTs).
The role is contributing in protection of ASML’s information, Intellectual Property (IP) and assets, and that of ASML’s customers and suppliers for the scope of the projected solution. This includes the alignment of the solution with ASML Information Security strategies and security policies/standards/guidelines, and where necessary suggesting additions and improvement to standards.
As a Big Data Security Specialist you will be responsible for:
- Performing project intake assessments in cooperation with the Project Security Officer;
- Assessing applications and systems to be implemented or actual implementations based on assessments of high and low level designs, interviews and/or testing;
- Assessing existing or new IT services (on premise or cloud) on technical vulnerabilities and weaknesses based on ASML process and tooling;
- Translating assessment results into an Information Security Specification (security plan for service);
- Communicating observations to the relevant stakeholders, advice on mitigation and follow up on actions;
- Adding information to the different security registers from Business Impact assessments (BIA’s), IT Security Assessments (ITSA’s), penetration/security tests, vulnerability scans, exceptions and other sources;
- Adding information to security finding register, which contains all security assessment findings and risks that are reported within the TSCC, and is used to follow up on security assessment findings;
- Assuring and monitoring the effectiveness of our application security controls;
- Keeping track of follow up actions and deliver management reporting;
- Representing, on occasion, the TSCC in IT projects and intake boards where required;
- Assessing IT security exception requests on validity and provide advice to the team lead application security and business stakeholder for acceptance or rejection including advice on additional security controls;
- Improving procedures to keep the security registers, application registers and assessment processes up to date;
- Giving advice on security improvements and additional controls;
- Updating and maintaining security baselines and standards;
- Training and coaching DevOps teams on security aspects, standards and security solutions in CI/CD.
ASML is a successful Dutch high-tech enterprise that produces complex lithography systems used by chip manufacturers in the production of integrated circuits. ASML is at the cutting edge of this technology and delivers systems to all the world's leading chip manufacturers. ASML's employees are among the most creative talents in the fields of physics, mathematics, chemistry, mechanical engineering and software. Every day they collaborate in close-knit multidisciplinary teams in which members listen to and learn from one another and exchange ideas. It is the ideal environment for professional development and personal growth.
ASML is headquartered in Veldhoven, the Netherlands.
You will be employed by YER and seconded to ASML. We offer:
- Good employee benefits
- Challenging assignments
- Excellent guidance from your consultant and YER's back office
- Development opportunities, including the YER Talent Development Programme with a personal coach
- Intensive support for international candidates (including Dutch lessons, tax-return and accommodation assistance)
- Cooperative and results and relationship-driven
- Friendly atmosphere and open culture
- Community/network with other technology professionals from a variety of multinationals
- Events and master classes with interesting speakers and attractive companies
- One or more of the following valid certifications is a plus:
- Azure or Google Security, Data engineering or Data Science-related certifications
- SAFe certifications.
- Security/Technical/IT/informatics/Data Science background: bachelor’s or master’s degree (or equivalent experience);
- Note: academic qualifications related to Security are an advantage, but not a substitute for hands-on experience.
- Min 6+ years professional experience with a focus on IT applications / information security, risk and compliance;
- Experience in executing Threat and Vulnerability Analysis (TVA) or IT Security risk assessments on IT services and data-centric applications;
- Securing data-centric or analytical platforms and applications.
- Securing data ingestion and processing pipelines (on premise, hybrid or cloud);
- Knowledge and/or hands-on experience with common (big) data environments and languages, such as Data Lakes, Big Data Storage and Computing, Hadoop, Spark, Python, Analytics Reporting Tooling;
- Security on a wide range of SAP (HANA) applications is a plus in this role;
- Experience with Scaled Agile Framework (SAFe) is a plus;
- Experience with (Cloud) Security Architecture is a plus;
- DevSecOps: securing Container environments and CI/CD pipelines (preferably through automation)
- Hands-on experience in security assessments and risk assessment of one or more of the following security domains:
- Operations (e.g. hardening, patching)
- In-depth working knowledge of IT Risk / security frameworks and best practices, such as: NIST, ISF, NIST or ISO 27001/2/3/4 framework;
- Advising management stakeholders on security maturity and influence decision-making.
- Able to operate independently/with minimal supervision, self-starter;
- Comfortable in starting up a number of projects at the same time, but also taking responsibility for finishing tasks;
- Ability to interact with all levels including users, engineers, executives and senior managers;
- Analytical, precise, tenacious, autonomous;
- Knowledge of IT-security, Information Security and Architecture methodology;
- Ability to overcome organizational resistance;
- Excellent organizational skills and the ability to prioritize multiple tasks and assignments;
- Able to manage large amounts of new information quickly; grasp the deep technical characteristics of new environments; draft clear and concise visualizations of complex processes and environments, stand your ground in a flexible / changing environment.