The role holder has IT technical and Information Security Management background, interacts with members of the internal and customer security teams to provide high-quality security service, interacts with other delivery units and internal teams within information security projects and information security incidents coordination, leads information security projects and improve customer’s information security posture. The role holder manages security activities such as security risk management, security incident response, changes, policies, and governance.
Remote work can be discussed.
- act as a Security-related point of contact for the end customer and enhance IT security in collaboration with customer IT Security team;
- define, implement and maintain customer security policies and processes;
- plan, implement and upgrade security measures and controls within customer IT infrastructure;
- perform vulnerability testing, risk management, and security assessments;
- provide recommendations for hardening customer IT infrastructure;
- manage a diverse team of IT administrators and other IT professionals within information security projects and activities;
- act as a key liaison between upper-level management, IT administrators, IT-related 3rd parties and security auditors;
- anticipate security alerts, incidents, and disasters and reduce their likelihood;
- respond immediately to security-related incidents and provide a thorough post-event analysis;
- work as part of a larger team and matrix manage teams;
- learn, assess, test and select new security solutions and technologies on the market;
- prepare cost estimates for security projects/changes and identify integration issues.
- Bachelor’s degree in Computer Science, Cyber Security or a related technical field or at least one of the following professional certifications: CISSP, CISM and CISA (or similar GIAC certifications) is desired;
- 5 years of work experience in Information Technology, at least 2 of these years must be in the Information Security Management or Cyber Security Analytics;
- Good communication and leadership skills (Be assertive and ensure the best interests of the company and customer are protected);
- English language level – Intermediate and higher.
- practices and methods of IT strategy, enterprise architecture and security architecture;
- ISO 27001/27002, ITIL and COBIT frameworks;
- secure coding practices, ethical hacking, and threat modeling;
- network security architecture development and definition;
- subnetting, DNS, encryption technologies and standards, VPNs, VLANs, and other network routing methods;
- network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols, etc.);
- advanced Persistent Threats (APT), phishing and social engineering, network access controllers (NAC), gateway anti-malware and enhanced authentication;
- Firewall, intrusion detection/prevention, IDM and SIEM systems;
- Windows, UNIX and Linux operating systems as a plus;
- scripting languages (PowerShell, Python) as a plus;
- PCI, NIST and SOX compliance assessments as a plus.
- experience exchange with colleagues all around the world;
- competitive compensation depending on experience and skills;
- regular assessments and salary reviews;
- benefits - medical care, sports;
- free English classes;
- opportunities for self-realization;
- friendly team, enjoyable working environment, transfer to office;
- flexible working schedule;
- corporate and social events;
- employment according to the Labor Code of the Russian Federation, “white” salary;
- training and certifications are organized and paid by the company;
- vacation bonus after 9 months of work;
- an extended medical insurance policy;
- partial compensation of costs on fitness;
- food subsidies;
- newcomers from other towns are provided with relocation help.