Freelance Domain Expert II (ZZP)

Posted 23 hours 31 minutes ago by Yacht

Permanent
Part Time
Other
Overijssel, Hengelo, Netherlands, 7551 AA
Job Description

Job description:


The Development Services department is the knowledge center within ABN AMRO for everything concerning software development. It's goal is to continuously improve the quality of the software development process and it's deliverables. To accomplish that mission, we harvest best practices from the development community and translate these into standards and guidelines. Common for all technologies is the need for strong security. The Secure Coding (SECO) team takes care of all matters concerning the security of software development. A Domain Expert for SECO helps development teams in the organisation with improving the quality of security of their products.


Team activities:


The SECO team manages the ABN AMRO ruleset for tools like Fortify and NexusLC in collaboration with the ABN AMRO developer communities and QA authority. We look into security issues in the Code and give teams advice on how to remediate this. If teams create tickets to request exceptions, we evaluate these cases. Also we investigate possibilities to improve code security within the bank and we allocate a part of our time to investigate existing or develop new security tools.



With the following results:


  • Secure coding standards and guidelines

  • Secure software development tools and processes

  • Coaching ABN AMRO staff on secure development practices

  • Fuelling the Security Triangle community



Relevant knowledge skills & competences:


As a Domain Expert for SECO, the candidate must be an expert in software development security (methodologies) and associated tools. Must have technical experience:

Vulnerabilities:

- OWASP

- SANS

Threat modelling: STRIDE


Development:

- Proficient in at least one major programming language (Java / Javascript / Python / C# / Swift / Go)

Public Cloud technology:

- Azure

- Azure DevOps


Versioning tools:

- Git

- Bitbucket


Build tools:

- Maven

- Gradle


QA tools:

- SonarQube

- Fortify

- Nexus Lifecycle


Must have personal skills:


  • Fluent English (Dutch not required)

  • Coaching & Feedback

  • Taking ownership

  • Training

  • Convincing

  • Enterprise awareness

  • Intercultural awareness