Proven experience in designing secure architectures for complex IT environments, including on-premises, cloud and hybrid infrastructures.
Ability to create and maintain detailed security architecture blueprints, reference architectures, and security models.
Deep understanding of Zero Trust Architecture principles and implementation.
Advanced knowledge of network protocols (TCP/IP, UDP, HTTP/S, DNS, etc.), and network security mechanisms (VPNs, proxies, NAT, firewalls, WAF).
Proficiency in configuring and managing network security devices (e.g., next-generation firewalls, IDS/IPS, network access control).
Experience with network segmentation, micro-segmentation, and secure network design.
Extensive experience conducting risk assessments, vulnerability assessments, and penetration testing.
Proficiency with risk management frameworks such as ISO 31000 and GRC (Governance, Risk, and Compliance) platforms.
Capability to develop and implement risk mitigation strategies and action plans.
Experience conducting risk assessments to identify potential risks associated with managed services.
Ability to incorporate risk mitigation strategies into SLAs.
Advanced knowledge of IAM protocols and technologies, including LDAP, Kerberos, SAML, OAuth, and OpenID Connect.
Experience implementing and managing federated identity solutions and SSO across diverse applications and systems.
Experience with IAM solutions such as Okta, Azure AD, Ping Identity, and SailPoint.
Expertise with PAM solutions (CyberArk, BeyondTrust, Thycotic) for managing and securing privileged accounts.
Experience in designing and enforcing policies for least privilege access and managing privileged session monitoring.
Proficiency in secure coding practices and familiarity with languages such as Java, C#, Python, JavaScript, and their respective security considerations.
Experience integrating security into DevOps/DevSecOps pipelines using tools like Jenkins, GitLab, SonarQube, and Checkmarx.
Expertise in conducting code reviews and using static (SAST) and dynamic (DAST) analysis tools.
Proficiency with SIEM platforms (Splunk, QRadar, ArcSight) for real-time security monitoring, log management, and threat detection.
Experience with user and entity behavior analytics (UEBA) tools to detect anomalous activities and potential security incidents.
Expertise in incident response processes, playbooks, and tools such as Mandiant, CrowdStrike Falcon, or Carbon Black.
Proficiency in using security orchestration, automation, and response (SOAR) platforms like Demisto, Phantom, or Swimlane to automate incident response and remediation tasks.
Experience with integrating security tools and automating workflows using APIs and scripting languages.
Advanced understanding of cryptographic principles, algorithms (AES, RSA, ECC), and protocols (SSL/TLS, IPsec, SSH).
Experience with implementing and managing cryptographic solutions, key management, and public key infrastructure (PKI).
Familiarity with advanced threat protection tools and techniques, including sandboxing, threat hunting, and malware analysis.
Experience with endpoint detection and response (EDR) and extended detection and response (XDR) platforms.
Deep understanding of Service Level Agreements (SLAs), including their structure, components, and key performance indicators (KPIs).
Experience with drafting, negotiating, and managing SLAs specific to security services.
Proficiency in managing relationships with MSPs, including performance monitoring, issue resolution, and contract management.
Define penalties or service credits for MSPs that fail to meet SLA targets.
Ensure penalty clauses are enforceable and incentivize MSP compliance.
Include requirements for MSP disaster recovery and business continuity plans.
Experience in evaluating MSP capabilities, service offerings, and compliance with SLAs.
Expertise in designing and implementing role-based access control (RBAC), attribute-based access control (ABAC), and least privilege principles.
Knowledge of software composition analysis (SCA) tools and techniques to manage open-source software risks.
Understand current and emerging threats, attack vectors, and tactics, techniques, and procedures (TTPs) used by threat actors.
Experience using threat intelligence platforms (TIPs) like ThreatConnect, Anomali, Recorded Future, or MISP to gather and analyze threat data.
Indicator of Compromise (IOC) Management: Ability to identify, categorize, and manage IOCs (e.g., IP addresses, hashes, domains).
Familiarity with hypothesis-driven threat hunting methodologies, including structured approaches like MITRE ATT&CK and Cyber Kill Chain.
Proficiency with EDR and XDR tools like CrowdStrike, Carbon Black, SentinelOne, or Microsoft Defender for Endpoint.
Experience using the STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) model to identify and categorize threats.
Familiarity with the DREAD (Damage, Reproducibility, Exploitability, Affected Users, Discoverability) framework for risk assessment and prioritization.
Proficiency in using the MITRE ATT&CK framework to map out potential adversary tactics and techniques.
Ability to design and recommend security controls and countermeasures to mitigate identified threats.
Skills to validate the effectiveness of implemented controls through testing and continuous monitoring.
Beware of fraud agents! Do not pay money to get a job.
MNCJobsGulf.com will not be responsible for any payment made to a third-party. All Terms of Use are applicable.
Job Detail
Job Id: JD1825283
Industry: Not mentioned
Total Positions: 1
Job Type: Contract
Salary: Not mentioned
Employment Status: Permanent
Job Location: Dubai, DU, AE, United Arab Emirates
Education: Not mentioned