Permanent Role – Prague, Czech Republic – Competitive Salary
Your area of work:
Support Team Cyber Protection with its security tools to provide a Vulnerability Management Service. In your position, you will provide IT security expertise in support to the business and in line with the key responsibilities.
• Provide a security service where your part is to design, plan and coordinate the deployment of a new security infrastructure or component. This will be achieved by collaboration with other technical teams.
• Support to organize the process of automated creation of security on-boarding and reporting. Here, communication with various support groups and notification of stakeholder groups on the service status will be required.
• Cyber Protection offers a wide range of security tools, therefore the candidate should be open to support different kind of detect & prevent capabilities. Furthermore, this includes to evaluate and work on different IT applications and products that would allow to offer the security service.
• Initially, two security services are considered, however over time, the role can be developed further by support of other detect and prevent technologies:
o service that allows scanning of Container environment (OS oriented not applicative) in the Cloud platform
o service that allows the assessment of an application’s source code to uncover vulnerabilities and security flaws
• Manage continuous service improvements and/or enhancements to build and maintain strong security capabilities including e.g. handling of vulnerability false positives or strengthen detect & prevent capabilities.
• Write and review technical documentation.
• Consider regulatory aspects and compliance level of the security solutions incl. cloud (native) security in the financial industry
• University degree in IT, business informatics, or comparable education
• Experience in information security management, ideally in the financial industry or comparable regulated business environment e.g. through internships
• Ability to structure complex matters and drive them to resolution
• Basic knowledge in cyber security tooling for On-Prem and Cloud proposition
• Knowledge for already established security infrastructure and components may be beneficial:
o Knowledge in Container and Orchestration environment such as Docker, Kubernetes or Openshift
o Knowledge in Ethical hacking
o General knowledge in Application Code development (e.g. C/C++, Java, Java Script & frameworks)
o Knowledge of OWASP community and documents
o Knowledge in build tools and openness to learn new tools (e.g. make, ant, Jenkins, maven and gradle)
o Knowledge in Ethical hacking
• Knowledge of general legal and regulatory conditions and requirements in the financial industry, for example ISO 2700x, German BSI IT-Grundschutz, NIST, or COBIT is a plus
• Certifications like CISM, CISA or similar is an advantage but not mandatory
• Strong communication and interpersonal skills with talent in building relationships with professionals of all organisational levels
• Strong analytical skills, reliability, and direct responsibility
• Ability to firmly present complex topics in an understandable manner
• Proficiency in written and spoken English, same in German is a plus