We are looking for a CSO who has built IT security best practices and controls and has practical experience in areas of cybersecurity for an IT company.
— Providing expert assessment and remediation advice to our customers, related to Service Organization Controls (SOC 2), ISO 27K, Personally Identifiable Information Data Security Standard (PII) etc.
— Provide suggestions and recommendations for preparing security policies relevant to the organization’s culture, objectives, and risk tolerance.
— Performing activities to support our customers’ data privacy programs, such as Data Privacy Impact Assessments, data inventory, and dataflow mapping.
— Creating professional reports for our clients that detail assessment findings.
— Lead the review of security vulnerabilities across a variety of technologies and environments to determine high-risk vulnerabilities to business assets.
— Develop and maintain a security roadmap.
— Identify and research security improvement opportunities through interaction with all departments, vendors, and leading practices.
— Stay up-to-date on information technology trends and security standards.
— Participate in the development, reporting, and improvement of SecOps and general Security Operations metrics and KPIs.
— Understanding of Kerberos, AD, MFA, Okta, VPN, Peering.
— Experience with Encryption.
— Experience with Firewalls/ Security groups/ ACLs, WAF.
— Experience with IDS/IPS.
— Good understanding and experience with Secret management systems (Vault, AWS KMS)
— Experience with Disaster recovery.
— Experience with Audit.
— Understanding of IT security best practices and controls.
— Practical experience in areas of cybersecurity.
— Knowledge of SANS/CWE Top 25, OWASP Top 10 Proactive Controls and Application Security principles, CISA recommendations, CNCF landscape.
— Understanding of penetration testing tools (OWASP ZAP or similar)
— Good understanding of Network (Subnets, Routing tables, NAT, ACL, Firewall).
— Experience with Cloud computing: AWS, GCP, Azure, OpenShift
— Troubleshooting, proactive self-learning, sharing knowledge, participating in new architecture changes
— Experience with VCS: Git, Bitbucket, CodeCommit, GitLab
— Experience with Monitoring: Zabbix, CloudWatch, Prometheus, ELK, Graylog
— Experience with Log Management tools: Rsyslog, Syslog-ng, log4j, CloudTrail
— Experience with Scripting: Bash, Python, Go
— Good understanding and experience with Linux administration: Debian, CentOS.
— Writing documentation SDLC
— Possibility to grow within a multicultural work environment with a flat structure and direct, informal communication
— Flexible working environment
— Full-time employment
— Remote work
— 4-day working week