Good understanding of international information and data security standards and regulations: ISO 27k series, GDPR, HIPAA, etc.;
Ability to develop information security policies and guidelines and derive security requirements from them;
Experience with the threat modeling process and tools. Understanding of threat modeling approaches: STRIDE, DREAD, PASTA, etc. Ability to develop an attacker profile based on the threat model;
Understanding access modeling. Ability to develop access models and assess them. Understanding of segregation of duties;
Experience in IAM solutions. Understanding of purpose and approaches of IAM. Knowledge of key tasks: identify, authenticate, and authorize;
Good knowledge of risk management, its purpose, and approaches. Understanding of the differences between and consequences of various risk handling methods (rejection, mitigation, acceptance, etc.). Ability to evaluate risks and create a risk management plan;
Understanding of the OWASP Top 10. Ability to describe vulnerabilities, ways of exploitation, and fix methods;
Understanding of vulnerability management. Knowledge of vulnerability scanners. Ability to validate scan results and provide recommendations;
Ability to develop and conduct security trainings and workshops (e.g. General security training, threat modeling);
Hands-on experience in MS Office tools: Word, Excel. Experience in diagram building solutions: MS Visio, draw.io, etc.
Fluent English including cybersecurity-related vocabulary;
Good communication skills, ability to conduct email communications, lead security-related meetings and discussions.
Experience in Secure SDLC. Ability to describe goals, steps, approaches, etc.;
Understanding of the OWASP Software Assurance Maturity Model, and ways of its implementation;
Knowledge of Microsoft 365 security features: 2FA, MDM, ATP, DLP, etc.
Besides such basics as a competitive salary, comfortable and motivating work environment, here at Intellias we offer:
For your professional growth —
Innovative projects with advanced technologies;
Individual approach to professional and career growth (Personal Development Plan);
Regular educational events with leading industry experts;
For your comfort —
Flexible working hours;
Spacious office with lots of meeting rooms;
Kids’ room with professional baby-sitter (offices in Lviv & Kyiv).
For your health —
3 health packages to choose from — medical insurance, sports attendance or mix of both;
Annual vitaminization program;
Annual vaccination and ophthalmologist check-up.
For your leisure —
Corporate celebrations and fun activities;
Beauty parlor (offices in Lviv & Kyiv).
Security decision-maker in the specific project/team;
Estimate overall business risk profile;
Classify data and applications based on business risk. Establish a simple classification system to represent risk-tiers for applications. In its simplest form, this can be a High/Medium/Low categorization;
Build and maintain compliance guidelines. Create policies and standards for security and compliance;
Conduct technical and role-specific application security awareness training;
Build and maintain technical guidelines;
Work closely with the project team to specify security requirements for the solution;
Build and maintain application-specific threat models (OWASP Threat Dragon/MS Threat Modeling Tool) and as a result, explicitly apply security principles to design;
Explicitly evaluate risk from third-party components;
Derive security requirements from business functionality.