Manager at MODUS IKS/ MODUS IKS LLC/ Deputy Director for Information Security/ Department for Information Security/ Security Department for Development and Development of Information Systems in DTEK, TOV, Energetichna kompaniya

Position functions:

• Conducting expertise of technical and business solutions at the stage of implementation and/or operation for compliance with IS requirements.
• Development and audit of dev/test/prod environment controls as part of compliance with requirements IS and best practice.
• Consulting internal and external teams on matters of SSDLC organization.
• Configuring, automating and improving the efficiency and security of SAST, DAST, SCA, OSA, Penetration testing, Fuzzing checks .
• Verification of identified vulnerabilities, determination of criticality and measures to reduce risks, consulting developers and DevOps on issues of correction of comments

Professional competences:

• Higher specialized education;
• 3 years of work experience;
• Experience in building and developing DevSecOps engineering practices, their implementation in the pipeline as a Security Gate ;
• experience in deployment and application of secure development tools (SAST, DAST, SCA, ASOC, Container/Kubernetes Security);
• experience in architecture development, design of information systems, secure development systems;< /li>
• understanding of attack scenarios based on MITER ATT&CK tactics and techniques;
• experience in practical use of such standards and best practices as OWASP Security Standards, CIS Controls, NIST Cybersecurity Framework, SANS;
• understanding the concepts of Shift-Left, ZeroTrust, SSDLC;
• knowledge of vulnerabilities from OWASP Top-10 (web/mobile/api), understanding how they arise and how they are mitigated;
• experience triaging vulnerabilities in the following programming languages ​​(at least minimal): Python, Java, JS, PHP, .NET;
• experience in supporting projects using Azure AWS, K8s;
• work experience with security tools in Azure cloud services (Azure Security Center, Azure Defender, Azure Policy), AWS (GuardDuty, CloudTrail), GCP;
• experience with key vault, hashicorp vault, BYOK;
• knowledge of modern structures, methods and technology of authentication/authorization (OAuth 2.0, OIDC, JWT);
• experience with one or more CI/CD tools (Azure DevOps, Gitlab, Ansible, Terraform);
• experience working with systems of collective interaction, project administration and repositories (AzDO, Git, Confluence, Jira).

Special skills:< /p>

• Knowledge of the principles of operation and functioning of IS security tools (SIEM, DLP, NGFW, WAF, SandBox).
• Knowledge of access control implementation systems (IDM), attack detection systems ( IDS, IPS) and information integrity control (ECS, encryption).
• Knowledge of virtualization technologies and cloud services (VMware).