Senior Information Security Specialist

Description:

The Senior Information Security Specialist will be responsible for ensuring the security and integrity of our information systems. You will be responsible for identifying and mitigating security vulnerabilities, implementing security best practices, and working closely with our development teams to integrate security into all phases of the software development lifecycle.

Requirements:

- Minimum of 5 years of experience in information security or a related field.
- Experience with AWS cloud security.
- Strong knowledge of security principles, techniques, and protocols (e.g., OWASP Top 10, SSL/TLS, etc.).
- Relevant certifications such as OSCP, OSCE, LPT or equivalent.
- Strong knowledge of security protocols, cryptography, authentication, authorization, and security frameworks.
- Experience with security tools and technologies such as firewalls, IDS/IPS, SIEM, DLP, and antivirus software.
- Excellent problem-solving skills and the ability to work under pressure.
- Strong communication and interpersonal skills.
- High level of integrity and professional ethics.

Responsibilities:

- Security Analysis & Vulnerability Assessment: Conduct regular security assessments and penetration tests on Company infrastructure. Identify vulnerabilities and security gaps in existing applications and propose remediation solutions.
- Vulnerability Management: Lead the development and implementation of a comprehensive vulnerability management program. This includes continuous monitoring, analysis, and prioritization of vulnerabilities discovered in applications or infrastructure.
- Security Automation: Implement and maintain security tools and processes to automate the detection of security vulnerabilities. Integrate security tools into the CI/CD pipeline. Security tools to be considered (not limited to): static code analysis (mainly Java); dynamic code analysis and scanning for vulnerabilities using Burp Suite and OWASP ZAP; and software composition analysis.
- Establishing security controls in SDLC: Work with the development team to ensure secure coding practices are implemented. Conduct threat modeling and architecture reviews and consult development teams when making architecture decisions. Develop security requirements at the early stages of the product life cycle.
- Cloud Security: Ensure robust security practices are implemented across cloud environments, particularly AWS. Collaborate with cloud engineers to design and maintain secure cloud architectures. Regularly assess and address cloud-specific vulnerabilities and risks.
- Documentation Preparation: Develop and maintain comprehensive security documentation, including policies, procedures, and guidelines. Ensure that all security-related documentation is up-to-date, accessible, and aligned with industry standards and regulations.
- Incident Response: Participate in the response to security incidents, including performing post-mortem analysis and recommending preventive solutions. Monitor and analyze security alerts and incidents to ensure timely response and resolution.
Collaborate with IT and other departments to ensure security measures are integrated into all systems and processes.
- Stay up-to-date with the latest security trends, technologies, and threats, and proactively recommend improvements.

Ecosystem to work on:
AWS - various services and different regions, On-premise sites, AWS EKS and vanilla K8s, Calico, Cilium, Helm, Jenkins, Terraform, Ansible, GitLab EE, RHEL/Rocky Linux, Atlassian environment, Slack, Zabbix, Wazuh, ELK, Grafana, Prometheus, InfluxDB, Sentry, PostgreSQL, Java/Spring Boot, Google Workspace, nginx, ArgoCD