Technology Specialist

Stanowisko: Technology Specialist

Miejsce pracy: Kraków

Data dodania: 14.07.2022

DCG is a modern technology company, gathering in its ranks IT related professionals. Due to the continuous development and the large number of recruitment projects that we carry out for our Partners, we are looking for a person for the position:

Technology Specialist

Responsibilities:

  • Upholding Vulnerability Management processes across the enterprise, and ensure stakeholders buy-in
  • Acting as a subject matter expert with regards to Information Security vulnerabilities
  • Defining and measuring the necessary Vulnerability Management metrics.
  • Combining the various sources of vulnerabilities information – pentests, scans, bug bounties, external researchers etc. – into one coherent picture
  • Driving the Vulnerability Management activities as part of a specialized Real-time Threat Management team. This includes applying candidate analytical, reasoning & specialized technical security expertise to investigate, isolate and track network and security vulnerabilities, identify and classify weakness and potential issues, filter out false-positives, aggregate vulnerabilities across assets to assign the appropriate priority and risk level
  • Supporting identification of vulnerabilities by enhancing vulnerability identification at process and technology level
  • Owning, managing, and maturing infrastructure vulnerability scanning process and tools and align with vulnerability identification KPIs
  • Supporting identification, triaging assignment and remediation of vulnerabilities, ensuring that vulnerability management lifecycle is followed
  • Timely responding to security threats by collaboration with other security teams and providing effective remediation solution complemented by compensatory controls
  • Providing data driven insights into improvement opportunities for infrastructure vulnerability management process
  • Preparing reports for technical teams, compliance deliverables and executive management highlighting current status of infrastructure from vulnerability management perspective
  • Working with engineering teams for effective patch management by providing reports and vulnerability metrics
  • Providing support for infrastructure penetration testing
  • Driving the remediation process to ensure vulnerable assets are patched or remediated within agreed SLAs
  • Proactively researching new methods, tools, and strategies to effectively identify vulnerabilities
  • Looking for structural solutions over one-time quick fixes

Requirements:

  • 3+ years working experience in security operations and advanced level of understanding regarding systems security at both technical and procedural level
  • Good level of understanding of infrastructure vulnerability scanning tools, EDR solutions
  • Understanding (technical aspects of) penetration testing and results (including scoping and organizing of pentests, use of vulnerability scanners, vulnerability management tools) and basic knowledge of web application vulnerabilities and standards
  • Good understanding of IT fundamentals across networking (such as DNS, SNMP, DHCP, IPSEC etc.), system, and application layers
  • Experience with outsourced managed services, using ITIL processes
  • Knowledge of industry standard security frameworks for information systems (CVSS, CIS Benchmarking, OWASP, NIST, ISO 27001/2, CSA, COBIT)
  • Basic familiarity with scripting programming e.g. Bash, PowerShell, Python
  • Relevant technical solutions such as vulnerability management tooling (Nessus, Qualys, Defender for Endpoints)
  • System security (operating systems, applications), networking, and web applications
  • Basic knowledge on security solutions (SSL, Remote Access, IPSEC, Reverse Proxy, IDS/IPS, Firewall, Multi Factor Authentication) and practical knowledge on application security controls
  • Threat Modelling experience
  • Basic knowledge on other infrastructure. Eg: Active Directory, DNS, IP Addressing, Azure AD
  • Basic knowledge of: Penetration testing, Malware engineering, offensive security specialist (e.g pen tester, ethical hacker, etc.)
  • Skills: Sysadmins, Network admins, Network security administrator
  • Basic knowledge of: Enabling services (e.g NTP, SMTP, patching, Antivirus); Server infrastructure (VMWare ESXi, storage, Azure, AWS); basic cryptography; DB; autentication protocol
  • Certifications such as CEH, CIR, CISM, CISA, CGEDIT, any of the OWASP or similar are a plus

Offer:

  • Private medical care
  • Constant support of dedicated consultant
  • Team-building events organised by DCG
  • Competitive salary adequate to experience and skills

Przed wyslaniem CV/dokumentów aplikacyjnych, uprzejmie prosimy kandydatów o zapoznanie się z klauzulą informacyjną.

Po zapoznaniu się z klauzulą informacyjną podaną przez Administratora Danych dobrowolnie wyrażam zgodę na przetwarzanie przez Ogłoszeniodawcę moich danych osobowych, zawartych w mojej ofercie pracy, dla potrzeb procesu tej rekrutacji oraz dla realizacji przyszłych projektów rekrutacyjnych.

Agencja doradztwa personalnego (nr licencji 4642)

Dane spółki: Diverse CG Sp. z o.o. Sp.k., ul. Towarowa 28, 00-839 Warszawa                                                     

REGON: 141316780

NIP: 5222877930

KRS: 0000733458

Obserwuj nas: