Application Security Assessor

  • Employment Full-time
  • Vacancy number VAC-10001665
  • Location Veldhoven
  • Contract secondment via YER

About this vacancy

As a Specialist in Application Security, you are part of the IT Application Security team and work together with about 18 colleagues in IT security. You will be responsible for conducting detailed security assessments, mainly on new and existing applications and IT services within ASML, assisting and advising projects on security-related questions, and helping drive security improvements for ASML. You will interact with stakeholders on different levels in IT, but also within ASML sectors.

  • SAP technology plays a key role in security assessments. Experience with the security of a wide range of SAP applications is a must in this role.
  • The security finding register contains all TVA findings and risks that are reported within IT Security and is used to follow up on actions and register progress.
  • Assessing existing or new IT services (on-premise or cloud) for technical vulnerabilities and weaknesses based on ASML process and tooling;
  • Assessing systems to be implemented or actual implementations based on assessments of high and low-level designs, interviews and/or testing;
  • Advise on security improvements and additional controls;
  • Translating assessment results into an Information Security Specification (Security plan for service);
  • Communicate observations to the relevant stakeholders, advise on mitigation and follow up on actions.


As an application security specialist you will be responsible for:

  • Improving and maintaining an Application Security Register; managing and following up on security assessment findings;
  • Keep track of follow up actions and deliver management reporting;
  • Perform project intake assessments in cooperation with the Project Security officer;
  • Represent, on occasion, IT security in IT project and intake boards where required;
  • Assess IT security exception requests on validity and provide advice to the team lead application security and business stakeholder for acceptance or rejection including advice on additional security controls;
  • Assessing applications and systems to be implemented or actual implementations based on assessments of high and low level designs, interviews and/or testing;
  • Translating assessment results into an Information Security Specification (Security plan for service);
  • Communicate observations to the relevant stakeholders, advise on mitigation and follow up on actions;
  • Performing detailed security assessments on applications and IT services;
  • Adding information to the different Security registers from Business impact assessments (BIAs), IT Security Assessments (ITSAs), penetration/security tests, vulnerability scans, exceptions, and other sources;
  • Report on progress and deliver management reports;
  • Improve procedures to keep the security registers, application registers, and assessment processes up to date;
  • Advise on security improvements and additional controls;
  • Assess IT security exception requests;
  • Update and maintain security baselines and standards;
  • Assist IT Security risk management.


ASML is a successful Dutch high-tech enterprise that produces complex lithography systems used by chip manufacturers in the production of integrated circuits. ASML is at the cutting edge of this technology and delivers systems to all the world's leading chip manufacturers. ASML's employees are among the most creative talents in the fields of physics, mathematics, chemistry, mechanical engineering and software. Every day they collaborate in close-knit multidisciplinary teams in which members listen to and learn from one another and exchange ideas. It is the ideal environment for professional development and personal growth.

ASML is headquartered in Veldhoven, the Netherlands.


  • Good employee benefits (e.g. work-life balance, pension, lease car, bonus model)
  • Challenging assignments
  • Excellent guidance from your consultant and YER's back office
  • Development opportunities, including the YER Talent Development Programme with a personal coach
  • Intensive support for international candidates (including Dutch lessons, tax-return, and accommodation assistance)
  • Cooperative, results- and relationship-driven
  • Friendly atmosphere and open culture
  • Community/network with other technology professionals from a variety of multinationals
  • Events and master classes with interesting speakers and attractive companies



  • Academic qualifications are an advantage, but not a substitute for professional experience;
  • Valid industry certifications such as the Certified Information Systems Security Professional (CISSP/CISM/CISA) are a plus;
  • CCSP or equivalent is a plus;
  • Bachelor’s degree with a security/technical/IT/computer science background (or equivalent experience);
  • Deep knowledge of current security technologies and governance processes;
  • IT audit experience is a plus;
  • In-depth working knowledge of IT Risk/security frameworks and best practices, e.g.:
    • NIST Cyber Security Framework
    • ISF Standard of Good Practice for Information Security
    • NIST SP 800-30 framework
    • ISO 27001/2 framework;
  • Knowledge of security in Agile is a plus.


  • 6+ years of professional experience with a focus on IT applications/information security, risk and compliance;
  • Experience in executing Threat and Vulnerability Analysis (TVA) or IT Security risk assessments on IT services and applications;
  • Experience with a wide range of SAP applications is a plus (no authorisation management);
  • Experience with Cloud security and 3rd party management;
  • Experience in collecting information through research and interviews;
  • Excellent English communication and presentation skills. Command of the Dutch language is a plus;
  • Good working knowledge of Office suite applications like Excel and SharePoint;
  • Excellent verbal and written communication skills;
  • Highly-motivated, with a strong work ethic and able to work effectively under minimal supervision.

Personal skills

  • Able to operate independently, self-starter;
  • Ability to interact with all levels including users, engineers, executives, and senior managers;
  • Deep technical knowledge of IT-security and Information Security and Architecture methodology;
  • Ability to overcome organisational resistance;
  • Excellent organisational skills and the ability to prioritise multiple tasks, projects, and assignments;
  • Analytical, precise, tenacious, autonomous;
  • Able to digest large amounts of new information quickly, and derive key security requirements;
  • Able to grasp the deep technical characteristics of new environments quickly;
  • Able to draft clear and concise visualisations of complex environments;
  • Able to fairly represent conflicting stakeholder needs to enable informed decision-making;
  • Able to stand your ground in a flexible/changing environment;
  • Able to work with rapidly changing demands.