As a Cyber Security Analyst, you will:
- Define and advise on the design, implementation and test processes necessary to protect information system assets.
- Perform risk assessments and translate the security architecture and high-level policies and controls towards security requirements (security by design) for business and IT projects.
- Contribute to the architectural design and validate it against the security requirements
- Define the scope of these requirements and of penetration tests, actively supporting the testing teams performing these and approving the test reports.
- Define, implement and ensure the proper functioning of security trust services in line with IT security policies.
- Recommend and advise on new or improved security services towards the division management. Document security services, technical standards or principles.
- Act as a security subject matter expert within a certain domain (for example Mainframe security, PKI and Cryptography, Network security, platform security, IAM, application security or secure coding), being the point of contact for both business and project teams. Your stakeholders are mainly the business owners/analysts, project leader, risk management, internal/external auditors and off course the engineers, developers and architects.
To apply for this role, you:
- Have a university degree in Computer Science, Engineering or similar.
- Have a solid experience in the infrastructure or IT application security domains.
- Are able to discuss, defend and translate business requirements and/or security topics with both senior business people as with deep technical IT experts. You are at ease with presenting findings, conclusions, alternatives and information clearly and concisely and can easily document and present using PowerPoint, Visio, Excel, and Word.
- Maintain accuracy with attention to detail and meeting deadlines. Have effective organizational, planning and time management skills, and also research, analytical, and problem solving skills. You are able to use good judgment to make sound decisions.
- Are able to operate within an international/multi-cultural, networked environment. You are fluent in English, a team player who communicates in an open, respectful and constructive way with customers and peers, both verbally and in writing.
- Have the ability to handle different projects and cope with pressure and stressful situations. Take ownership and ensure that organizational quality standards are met. Are independent, service-oriented and organized.
Technical skills
- Have a proven experience in security risk assessments, development of functional security requirements, process design and management reporting.
- Are familiar with industry best practices in key security domains like: risk assessments, identity and access management, PKI, network security, secure application development, data protection.
- Have application security knowledge with a good understanding of software development and testing, OWASP (Open Web Application Security Project) guidelines, code scanning tools, security and compliance automation using a CI/CD pipeline.
- Have knowledge of and experience with security technologies including IDAAS (Identity as a service) and identity management platforms, Secure access management and federation services, PKI and cryptographic solutions, web application firewalls, endpoint security
- Have knowledge of and experience with security technologies covering domains Virtualisation, Software Defined Networks, Cloud IAAS/PAAS/SAAS, Network and DMZ infrastructure, VOIP, Wifi, 802.1x, Anti-malware, System protection, Middleware, Collaboration and end-user workspace solutions, Storage (SAN, NAS), Databases, infrastructure automation services (Infrastructure as a code)
- Preferred professional certifications are CISSP, GIAC, SABSA, ISO 27001 LA/LI. Specific Security related product certifications are considered an asset.