Introducing the No Hiring Fee Package!

Post vacancies

Hire without commissions

telegram
telegram start from $9/month! telegram
en
en
Job openings
View all
  • Development
  • Technical
  • Other
Telegram channel telegram
Next job

Senior IT Security Engineer in King Grup

25 February

9 views

King Grup

King Grup

0
0 reviews
Without experience
Kyiv
Full-time work
Key purpose:Full responsibility for the information and technical security of the company's corporate and technological infrastructure, which includes the formation and end-to-end security support. The role is autonomous and does not require a separate Head of Security.Areas of responsibility:1. Risk and internal process managementIT and Cyber Security Risk Assessment: Initiate and conduct regular assessment IT infrastructure and cyber security risks.Vulnerability management: Building and mainta

Key purpose:

Full responsibility for the information and technical security of the company's corporate and technological infrastructure, which includes the formation and end-to-end security support. The role is autonomous and does not require a separate Head of Security.

Areas of responsibility:

1. Risk and internal process management

  • IT and Cyber Security Risk Assessment: Initiate and conduct regular assessment IT infrastructure and cyber security risks.

  • Vulnerability management: Building and maintaining an effective vulnerability management systems.

  • Internal control: Ensuring operational control, monitoring and compliance control of all IT processes and solutions to information security requirements.

2. Organization of security tactics and strategy

  • Architecture: Design and optimization of secure network architecture (Zero Trust, segmentation, VLAN).

  • Strategic planning: Formation of a strategy and roadmap for the development of IT security companies.

  • Implementation of solutions: Selection, assessment and implementation of key security solutions (EDR/XDR, SIEM, PAM, NAC, FW, WAF and others).

3. Ensuring the security of internal systems and servicespan> techniques.

  • Management: Operational management, configuration and monitoring of protective mechanisms IT infrastructure.

    • 4. Key security domains

    • Access control (system and network):

      • Implementation of RBAC (Multi-Factor Authentication); (PAM).

        • style="font-weight: 400; font-style: normal; text-decoration: none">Regular auditing of access rights.

    • Protection of endpoints and infrastructure:

      • Network: IDS/IPS settings control.
        • normal; text-decoration: none">Monitoring network anomalies (via SIEM); none">Servers and endpoints: Application of Patch management (Windows Server/Linux), Disk encryption.yle="font-weight: 400; font-style: normal; text-decoration: none">

        Policies: Control and administration of MDM tools and policies.

    • Awareness:

      style="font-weight: 400; font-style: normal; text-decoration: none"> Development and implementation of employee training, consultations on safe work with data.

    • Stress testsorganization of phishing tests, etc.

      • Incident response 400; text-decoration: none">Incident Response Plan:
        • normal; text-decoration: none">Response: Root Cause Analysis (RCA); text-decoration: none">Reporting:Preparation of post-incident reports.> none">Policies:
        • Previous experience and knowledge required

          • Experience in the field of information security or infrastructure: 5+ years.

          • Experience of independently building security processes.

          • Experience in network architecture.

            • 400; font-style: normal; text-decoration: none">

            Практика роботи з firewall/VPN enterprise-рівня.

          • Впровадження та EDR/XDR, NGAV settings

          • Understanding the principles of working with SIEM and its implementation.

          • Cloud security (Microsoft 365/Azure/Google Workspace).

          • Understanding cryptography and key management principles.

          • Experience in vulnerability & patch management.

        Will be a plus:

        • Availability of professional certifications (CISSP/Security+) 400; font-style: normal; text-decoration: none"> System building experiencesecurity "from scratch".

        Expectations from the role

        • Complete autonomy in acceptance solutions.

        • Responsibility for the level of cyber risk of the company.

        • Focus on building and developing a security system.

        • Ability to justify the budget and investments in security.

        We we offer

        • Complete autonomy in the construction and development of the company's information security system: from strategy to operational control.
        • The possibility of implementing a modern Zero Trust architecture and implementing the best security practices without unnecessary bureaucracy.
        • Direct influence on the company's technical solutions and participation in the formation of a long-term IT and IT development roadmap.
        • Working with a modern technology stack: EDR/XDR, SIEM, PAM, NAC, WAF, cloud?security Microsoft 365/Azure/Google Workspace.
        • Participation in strategic decision-making, including budgeting and cyber risk assessment.
        • Ability to build security processes "from scratch" or significantly transform them.
        • Professional development support: compensation for certifications, training, conferences.
        • Competitive compensation, official employment and a full social package.
        • Comfortable working conditions and flexible format (office/hybrid by agreement).


    Without experience
    Kyiv
    Full-time work
    Want to get related jobs?
    New job openings in your Telegram
    Subscribe
    We use cookies
    accept