Cryptography Security Specialist
As a Cryptography and Security Specialist you are part of the Application Security team within the Technology Security Competence Center (TSCC) which is part of the Risk & Business Assurance (R&BA) department of ASML Corporate.
Your primary job is to analyze (assess) security systems for any vulnerabilities that may be targeted. You identify weaknesses and give advice on how cryptography can be applied and/or strengthen. In this role you will help identifying and testing of new technologies, which may fit in our organization.
You will also be responsible for conducting detailed security assessments mainly on new and existing applications and IT services within ASML, assist and advice projects on security related questions and help drive the security improvements for ASML. You will be interacting with stakeholders on different levels in ASML IT, but also within ASML sectors.
The role is contributing in protection of ASML’s information, Intellectual Property (IP) and assets, and that of ASML’s customers and suppliers for the scope of the projected solution. This includes the alignment of the solution with ASML Information Security strategies and security policies/standards/guidelines, and where necessary suggesting additions and improvement to standards.
Role and responsibilities, As a Cryptography and Security Specialist you will be responsible for:
- giving advice on which cryptographic tools/products to use and how to embed these in the environment;
- giving advice on which form of encryption best fits the environment, taking into account different factors, i.e., the classification of the data;
- keeping your knowledge up-to-date, especially in the cryptographic domain;
- setting up and monitoring governance and (co-) setting up processes and monitoring of these processes;
- performing project intake assessments in cooperation with the Project Security Officer;
- assessing applications and systems to be implemented or actual implementations based on assessments of high- and low-level designs, interviews and/or testing;
- assessing existing or new IT services (on premise or cloud) on technical vulnerabilities and weaknesses based on ASML process and tooling;
- translating assessment results into an Information Security Specification (security plan for service);
- communicate observations to the relevant stakeholders, advise on mitigation and follow up on actions;
- adding information to the different security registers from Business Impact assessments (BIA’s), IT Security Assessments (ITSA’s), penetration/security tests, vulnerability scans, exceptions and other sources;
- adding information to security finding register, which contains all security assessment findings and risks that are reported within the TSCC, and is used to follow up on security assessment findings;
- improving and maintaining an Application Security Register, manage and follow-up on actions and register application progress;
- keep track of follow up actions and deliver management reporting;
- represent, on occasion, the TSCC in IT projects and intake boards where required;
- assess IT security exception requests on validity and provide advice to the team lead application security and business stakeholder for acceptance or rejection including advice on additional security controls;
- improve procedures to keep the security registers, application registers and assessment processes up to date;
- creation, and execution of roadmaps, standards, design patterns and frameworks, specifically on cryptography. Working together with different stakeholders within and outside of ASML e.g., external auditors and Core IT services;
- creation of cryptography KPI’s, assuring right cryptography within ASML is being used;
- advise on strategic future developments in cryptography;
- update and maintain security baselines and standards;
- assist IT Security risk management;
- train and coach DevOps teams on security aspects, standards and security solutions in CI/CD.
Diversity & Inclusion: ASML is an Equal Opportunity Employer that values and respects the importance of a diverse and inclusive workforce. It is the policy of the company to recruit, hire, train and promote persons in all job titles without regard to race, color, religion, sex, age, national origin, veteran status, disability, sexual orientation, or gender identity. We recognize that diversity and inclusion is a driving force in the success of our company.
Education and experience:
Bachelor’s or Master’s degree in mathematics in combination with cybersecurity/information security (or equivalent experience);
Valid industry certifications such as CISSP, CISM and/or CISA are a plus;
CCSP or equivalent is a plus;
Min 6+ years professional experience with a focus on IT applications / information security, risk and compliance;
Strong mathematical/algorithmic understanding of symmetric and asymmetric cryptography, hash functions, digital signatures etc.;
Experience and good hands on knowledge of PKI and certificate management in complex large enterprise settings, including Business Analysis;
Experience with tools/products (i.e. Docker) where cryptography is embedded is a plus;
Experience in executing Threat and Vulnerability Analysis (TVA) or IT Security risk assessments on IT services and applications;
Experience with a wide range of SAP applications is a plus (no authorization management);
Experience with Cloud security and 3rd party management;
Experience in collecting information through research and interviews;
Good working knowledge of Office suite applications like Excel, SharePoint and Teams;
Deep Knowledge of current security technologies and governance processes;
IT audit experience is a plus;
In-depth working knowledge of IT Risk / security frameworks and best practices, such as: NIST Cyber, security, framework, ISF Standard of Good Practice for Information Security, NIST SP 800 30 framework, ISO 27001/2 framework;
Knowledge of the Scaled Agile Framework (SAFe) is a plus.
Skills: Working at the cutting edge of tech, you’ll always have new challenges and new problems to solve – and working together is the only way to do that. You won’t work in a silo. Instead, you’ll be part of a creative, dynamic work environment where you’ll collaborate with supportive colleagues. There is always space for creative and unique points of view. You’ll have the flexibility and trust to choose how best to tackle tasks and solve problems.
To thrive in this job, you’ll need the following skills:
Able to operate independently/with minimal supervision, self-starter;
Ability to interact with all levels including users, engineers, executives and senior managers;
Analytical, precise, tenacious, autonomous;
Knowledge of IT-security, Information Security and Architecture methodology;
Ability to overcome organizational resistance;
Excellent organizational skills and the ability to prioritize multiple tasks and assignments;
Able to manage large amounts of new information quickly; grasp the deep technical characteristics of new environments; draft clear and concise visualizations of complex processes and environments, stand your ground in a flexible / changing environment.
Enclose a personal motivation from the candidate for this position.
Sharing would be appricatied! Paylaşırsanız sevinirim! Do you want to work for our client in The Netherlands? Hollandada ICT alaninda calismak?
Diversity & Inclusion
ASML is an Equal Opportunity Employer that values and respects the importance of a diverse and inclusive workforce. It is the policy of the company to recruit, hire, train and promote persons in all job titles without regard to race, color, religion, sex, age, national origin, veteran status, disability, sexual orientation, or gender identity. We recognize that diversity and inclusion is a driving force in the success of our company.
The position is based in the Netherlands (Veldhoven). The role has a matrix reporting line:
Part of a DevOps team that builds our cloud platform, reporting directly to the team manager of the CCoE.
Functionally the role reports to the team lead Security Architecture, under the Technology Security Manager within the Technology Security department.
The CCoE adopted an agile way of working. Key elements in this way of working are collaboration, customer focus, continuous improvements and continuous learning.
ASML is GDPR compliant, therefore we cannot process applications sent outside of our recruitment system.
If you are interested in this vacancy please apply.