— Acting as a security analyst for any SDLC requests to identify security risk areas;
— Designing security controls for new company’s products/features/3-rd parties integrations during SDLC process;
— Working closely with delivery and infrastructure teams to drive security issues and controls to resolution;
— Developing a standardized approach for initial security assessment of projects;
— Support internal audit for their activities at IT Security domain: support collecting info, preparing reports, work with GAPs, planning and execution of corrective actions, etc.
— Experience of 5+ year as IT security specialist/analyst/acrhitect;
— Strong skill set at IT Security governance/audit/management/ domains is a must;
— Knowledge of ISO 2700x series, NIST standards for access management\data security\endpoint protection, GDPR, PCI DSS. Understanding of AAA concept;
— Good understanding of computer networks (VLAN, IP addressing, security zones of trust, etc.);
— Practical knowledge of security systems on the market (eg. Firewall, Antimalware, IDS/IPS, SSL/IPSec VPN, Proxy, Remote Access, PKI, etc.);
— Understanding of Security Log Management tools (syslog-ng, rsyslog, logstash, etc.);
— Understanding of common types of security attacks (DNS cache poisoning, ARP spoofing, DDoS, XSS, CSRF, SQL Injection, etc.);
— Software development processes and lifecycle background.
— Knowledge in IT service management ITIL v3\Cobit;
— ISACA’s CISA/CISM/CRISC certification or CISSP certification;
— Other IS/ITSec standard-related certification.