Security specialist jobs

Чекали на справжні професійні виклики? Наймасштабніша в Україні розробка кібербезпеки банківського ПО на усіх рівнях для тисяч проектів та співробітників. Шукаємо Application Security Engineer, який сформує архітектурне бачення та втілить рішення разом із найкрутішою командою. Обговоримо?


Про проект
Головною метою проекту є впровадження та управління практиками безпеки в існуючих процесах розробки. Проект передбачає впровадження безпеки на всіх етапах: управління, проектування, реалізація, верифікація, операції. Задачі полягатимуть у дослідженні, впровадженні та вдосконаленні практик безпеки.

Наш виклик – це забезпечення безпеки у:
- тисячах проектів;
- сотнях команд розробки, тестування та експлуатації;
- різноманітності технологічного стека;
- різноманітності архітектурних рішень;
- різноманітності підходів у розробці, тестуванні та доставці коду.

Ми пропонуємо можливість отримувати досвід роботи над S-SDLC у масштабах найбільшого банку країни.

Обов'язки:

- Оцінка, впровадження та розвиток практик S-SDLC;
- Застосування інструментів, побудова процесів для автоматизації та контролю практик;
- Робота із стейкхолдерами проекту;
- Проведення технічних досліджень;
- Аудит безпеки портфеля додатків, інфраструктури та використовуваних технологій;
- Консультування команд розробки та інших підрозділів з питань інформаційної безпеки;
- Проведення доповідей, воркшопів, презентацій для навчання працівників;
- Створення документів, що регламентують практики, які впроваджуються.

Вимоги:

- Вища технічна освіта, бажано у сфері інформаційної безпеки;
- Досвід від 3-х років у сфері ІБ, розробці чи менеджменті ІТ;
- Розуміння кожного з етапів циклу розробки;
- Розуміння технологій, інструментів розробки та доставки коду;
розуміння практик циклу безпечної розробки;
- Знання флагманських проектів OWASP;
- Розуміння архітектури та принципів клієнт-серверних додатків;
- Знання мережевих протоколів;
- Розуміння структури та призначення компонентів додатків (ELK, MySQL, Redis, Rabbit, Apache kafka та інше);
- Хороші комунікативні навички, вміння презентувати свої ідеї та напрацювання;
- Знання англійської мови на рівні достатньому для читання літератури та базової комунікації.

Буде плюсом:

- Практичний досвід застосування в організації OWASP SAMM / Microsoft SDL чи інших моделей S-SDLC;
- Практичний досвід впровадження нових процесів в організації;
- Досвід проведення тестів на проникнення, аудитів безпеки;
- Сертифікації у сфері інформаційної безпеки.

Iterasec works with clients worldwide, helping them find vulnerabilities and secure their products. Our projects range from mobile/web applications to complex modern automotive stacks. We work with both small product companies as well as Fortune 500 enterprises.

We are looking for a talented and motivated Junior Security Consultant who will join our security team to work on penetration testing and vulnerability/cloud security assessment projects.

We expect a short motivation letter where you can explain your skills, achievements and motivation.

Required skills

- Solid non-commercial cybersecurity experience, such as HTB/THM
- Junior-level cybersecurity certifications would be a plus.
- Comfortable with basic application security testing and common vulnerabilities (like OWASP Top 10, CWE Top 25) and cybersecurity fundamentals
- Strong basic IT skills: Linux, networking (TCP/IP, DNS, HTTP etc.)
- Some experience in scripting/coding languages, such as Java, JS, Python, Shell, etc.
- Strong drive to learn and develop cybersecurity skills
- Technical English (Intermediate)

We offer

- Good salary + bonus system
- Rewarding environment: brilliant team ready to share knowledge and collaborate
- Support in obtaining professional certifications, such as BSCP, OSCP, eWPTX, cloud certifications, etc.
- Courses and conferences which are relevant to the position are sponsored by the company.
- We are a remote-first company with full WFH support and a flexible work schedule.

Responsibilities

- Execute penetration tests and security assessments as part of a team, including internal/external networks, web and mobile applications, Windows and Linux environments, cloud architectures, IoT devices, and more
- Create assessment documentation and reports, clearly identifying vulnerabilities and associated remediation steps
- Conduct security research

P2H is a service IT company with a product approach and 17 years of experience in the industry. We build complex corporate solutions for large businesses and government organizations in different countries. Today we are reaching a new level and are looking for an experienced Information Security Specialist who will take part in preparing the company for ISO 27001 certification.

Your impact
- Development and support of standards, procedures, policies for the preparation and certification of the company according to the ISO27001 standard.
- Development and support procedures to ensure compliance with information security legislation
- Interaction with internal and external stakeholders on the issues of bringing the company's processes in line with information security standards
- Verification of the completeness of the internal and external audit of information security
- Continuous improvement of information security management processes in the company

We are looking for someone who
- Has an experience in Information and Cyber Security for 2+ years
- Has in-depth experience and understanding of security frameworks, standards and best practices relevant to information security (e.g. ISO 27001) covering implementation, oversight or audit experience
- Speaks fluent in English
- Is a strong communication and proactive person

Nice to have
- Understanding of QMS, experience with BPMN/UML diagrams

Our benefits
- 24 days for rest, 10 days for health and well-being
- Unlimited recovery from covid
- Сoworking space – compensated partially. Unlimited coworking in Lviv and Vinnytsia, where P2H coworking spaces are located.
- Unlimited learn and development budget
- Sports club membership – compensated partially
- Free online English lessons
- Full accounting and legal support for private entrepreneurs

Recruiting process
- Online interview with a recruiter — 20-30 minutes.
- Interview with Head of QMS and PM Lead— up to 1-1.5 hours.

We are looking for a qualified information security and software manager with experience in administering employee accounts and credentials, setting up & configuring tools, and creating automations.

Your responsibilities:
🔹 Set up & configure accounts for employees (Jira, Google WorkSpace, etc.)
🔹 Configure company tools and manage security
🔹 Manage credentials in 1password (maintain groups, vaults rotate passwords, etc.)
🔹 Update/improve existing security related processes in the company
🔹 Build & maintain different security monitoring tools
🔹 Configure, troubleshoot, and maintain company tools & software
🔹 Write technical documentation, manuals, and IT policies for employees

Your skills:
🔸 Good level of English (both writing and speaking)
🔸 Experience with access control for cloud services (e.g. GCP & AWS)
🔸 Knowledge of different Operating systems; hands-on experience with command-line tools
🔸 Experience with gathering data from different sources (e.g. via APIs); knowledge of SQL would be a plus
🔸 Ability to create basic automations (using Zapier or other tools, or any scripting language)
🔸 Ability and drive to learn and develop cybersecurity skills
🔸 System Administrator certificate, degree in Information Technology or Computer Science would be a plus
🔸 Experience with SOC 2 or ISO 27001 certification would be a plus

PROJECT
As a part of the Security Research Team, you will be part of a team of highly skilled and sometimes quirky hackers, intelligence researchers and software engineers who continuously hunt for threats, evaluate and develop new detection techniques, and share intel and attribution for cybercrime activity with the goal of protecting our customers while keeping the internet human.

REQUIREMENTS
Deep knowledge of how the internet and web browsers work. Proficient knowledge of JavaScript
Understanding of threats, fraud, information security vulnerabilities, and other cyber security-related events
Bachelor’s degree and 4-8 years of experience in related fields (i.e. browser security, intelligence analysis, digital forensics, threat hunting, government analysis) 
Track record of independent, creative problem solving with large amounts of complex data
Ability to write high-quality documentation
Willingness to give presentations both internally and externally

NICE TO HAVE:
Skills in developing processes and methodologies for investigations
Experience with training teams
One or more cyber-related certifications (i.e. CISSP, GCFA, GCFE, Sec+)
Python or other coding experience
Dynamic or static analysis of software using 3rd party tools
Databases  (SQL) experience
PERSONAL PROFILE
You are a curious, persistent person who is always thinking out of the box that wants to apply your knowledge to always do the right thing
You are open, transparent, and can work in tight collaboration with anyone
You are comfortable communicating in a decentralized work environment and across organizations

RESPONSIBILITIES
Play a lot with the web-browsers, trying to find differences in behavior between them
Research and develop signal collection on both mobile and desktop, which enables detection and defense deployments
Find ways to detect automation, for example, tools like Selenium, Playwright or Puppeteer
Find ways to hide or otherwise game ad placements on the web and mobile environments.
Understand customer specific requirements, deliver with impact and exceed customer expectations
Share security research topics through research talks, knowledge base and external engagements including media interviews and conference presentations, detailing your discoveries for internal and external sharing
Discover adversary tactics, techniques, and procedures leveraged by bots
Create and validate data insights to enhance detection excellence
Find bad stuff on the internet, see if you can figure out how it is done, document it
Red team, experiment, and develop new tactics for various kinds of fraud and to bypass our detection, no need to wait for an attack to be discovered and used by adversaries first
Stay abreast of cyber security trends and events related to our mission
Contribute high impact work that substantially benefits team level metrics and OKRs
Develop techniques, tools, and scripts to simplify yours and others work

The Information Security Assistant Manager will contribute, with the help of IT personnel and the company’s CISO, in identifying, developing and maintaining policies, standards, procedures, guidelines and corresponding control framework to ensure security compliance with ISO27001 framework.

Requirements:
- IT Security and risk management experience and background
- Knowledge on ISO27001 framework GDPR regulation
- Knowledge about IT infrastructure (Cloud), operations, software, hardware, tooling, data flows, change control, BC/DR
- Experience in IT management, Information Security or CyberSecurity (Preferred, but not required)
- BS in Computer Science, MIS or similar field
- Upper-intermediate English

Responsibilities:
- Conduct the continual improvement, maintenance and development of ISO27001 Information Security Management Program
- Quarterly check on completeness of internal auditing of ISO27001.
- Performing risk and control assessments and deep dives within various product and technology teams
- Oversee information security audits performed by third-party personnel
- Create and deliver training and awareness program for the personnel globally
- Develop, maintain, implement, and support procedures and measures to ensure compliance with all applicable Information Security legislation
- Understanding the operational environment of the equipment and the cyber security risks that this presents, identifying threats, vulnerabilities and mitigations
- When necessary. engage with internal and external stakeholders on the company’s IT risk posture

We offer:
- Flexible work schedule (8-11 am — 17-20 pm)
- Annual paid vacation (20 working days) and 10 days of sick leave
- Remote work or office in Kharkiv or Gdansk (Poland)
- Medical insurance
Sending your CV, please let us know about your salary expectation

Infopulse Poland is inviting talented professionals to join our project as a Senior Security Engineer in our offices or remotely in Poland.

Our customer is Tietoevry – one of the leading IT services and software providers in the Scandinavian region that has more than 10,000 customers across the private and public sectors.
Every day more than five million people in the Nordic region use solutions delivered by Tietoevry. Through its strong local presence and in-depth technological and commercial insight, Tietoevry is a driving force for innovation and modernization that helps its customers transform their businesses.


Areas of Responsibility

• Malware defense
• Deploying, integration and delivery of anti-malware services to various customers
• Incident management according to ITIL processes
• Problem analysis/resolution and change management
• Configuring, troubleshooting and maintaining endpoint security and content analysis solutions for our customers
• Actively mitigating and ultimately resolving all incidents and problems related to the maintained solutions
• Assessing, planning and implementing changes in the customer environment
• Proposing service improvements based on best industry practice, your own experience and troubleshooting outcomes
• Preparing/maintaining operational documentation, service reports and documenting network security designs


Qualifications

• More than 4 years of experience as an IT Security Engineer
• Knowledge about configuring, managing and maintaining Defender
• IT security operations, incident response or project experience
• Information security or risk management expertise
• IT systems audit or security testing expertise
• Analytical and troubleshooting skills
• Hands-on experience in supporting enterprise level solutions
• Ability to communicate effectively with various customers and to explain and elaborate on technical details
• Upper-intermediate level of English or higher
• Demonstrated ability to document processes and procedures
• Good sense of ownership and problem-solving attitude
• Interest in IT security, network security and server administration technologies


Will be an advantage

• Knowledge of Symantec
• Knowledge of converting Symantec to Defender
• Experience in cloud security
• Security professional certification, issued by security industry leaders

Divoro is growing MSSP (Managed Security Service Provider) in the Cyber Security space.
We are a team of 30 security professionals that are passionate to protect our customers and grow together as a team and as a company. 

Now we are looking for Information Security Specialist to join our team. 

Your responsibilities will be: 
➢ Conduct business communication regarding Security, Privacy, and Due Diligence Questionnaires from customers and prospects. 
➢ Partner with key business and IT leaders to develop security policies, standards, guidelines, and procedures to ensure the confidentiality, integrity, and availability of the Company’s systems and data. 
➢ Maintain existing information security policies up to date. 
➢ Design and implement information security education, training, and awareness programs. 
➢ Establish a security risk matrix and framework; set up and refine security controls for the enterprise landscape.  
➢ Consult with business owners regarding their information security risks and responsibility in minimizing those risks. 
➢ Oversee GDPR, CCPA, and other regulatory compliance processes. 
➢ Ensure client companies’ security certification. 

Requirements: 
➢ Excellent verbal and written English skills. 
➢ 1+ Information Security Management background, knowledge, and/or experience. 
➢ Theoretical knowledge of Risk management.  
➢ Good communication and interpersonal skills.  
➢ Quick learning of new tools and concepts at a high level. 
➢ Ability to work independently and as part of a team.   

Nice to have: 
➢ Understanding of software development lifecycle, and IT processes. 
➢ Knowledge of Jira, Confluence, and SharePoint tools. 
➢ Understanding of Cloud systems. 
➢ Knowledge or experience in any of the following frameworks/standards: ISO 27001; NIST; SOC2 etc.) 
➢ GDPR, CCPA, and another regulatory compliance background. 

What we offer:  
➢ Great experience in a global cyber security company. 
➢ Opportunity to grow with the company in any area you choose. 
➢ Direct contract with the American company. 
➢ Open-minded, professional team that will be developing & supporting you. 
➢ Paid vacation and sick leaves. 
➢ Paid professional training. 
➢ Medical insurance after the trial period. 
➢ Flexible, remote work environment. 
➢ Office in Kyiv with guaranteed electricity & internet 😊

 

Responsibilities:
• Safeguards information system assets by identifying and solving potential and actual security problems.
• Protects system by defining access privileges, control structures, and resources.
• Recognizes problems by identifying anomalies with tools, reporting violations.
• Implements security improvements by assessing current situation; evaluating trends; anticipating requirements.
• Determines security violations and inefficiencies by conducting periodic audits.
• Upgrades system by implementing and maintaining security controls.
• Keeps users informed by preparing performance reports, communicating system status.
• Collaborate with vendors to perform penetration testing for internal and cloud environment.
• Run vulnerability scans and remediate vulnerabilities

Job Qualifications and Skills
• Worked as a security manager/engineer for a SaaS company
• Develop and implement Information security policies and procedures
• TOP 10 for Web Applications
• Aware about PCI-DSS technical requirenments
• Well-versed in security operations, cyber security tools, intrusion detection, and secured s
• Securing Java applications
• Write correlations rules for security alerts

Applications and Tools Experience
• (WAF system)
• Cloud security
• Vulnerability management tools (e.g. SecureTrust, Greenbone or Qualys, OpenVAS, Tenable, Nexpose)
• Collaborate with DevOps for secure System Administration (most Linux, less Windows and MacOS)
• Security (Firewalls, Open VPN/Meraki VPN, equipment)
• Security operations center tools like InsightIDR from Rapid7 (or Splunk or similar)
• Logging tools like or Sumo Logic, Mode, , Athena

Security certifications (one of below or equivalent):
• CISSP - Certified Information Systems Security Professional
• SCS-C01 - Security Specialty
• Security+ - from CompTIA

We offer
Strong career opportunities for professionals
A variety of international projects and mobility across them
Career development support and professional certification opportunities
Competitive compensation, advanced bonus systems
Flexible working schedule with a remote possibility
Medical insurance
Corporate, ial, and cultural event

The role:

The candidate will be a subject matter expert, coordinate the team and responsible for:

— Performing cyber response, threat intelligence, monitoring and detection activities as part of the client’s engagements

— Building SOC’s from scratch or providing recommendations for improving the existing ones

— Maintaining a current view of the cyber threat, and being able to advise clients on the threat landscape and attacks which may be relevant to them

— Provide expert analysis investigative support of large scale and complex security incidents

— Support development of both technical and organizational solutions to address client’s issues

— Combine technical and conceptual knowledge to generate valuable reports

— Train and mentor junior staff on the cyber response matters

Experience and skills required

The ideal candidate should:

— Possess Bachelor and/or Master degree in Technology, Engineering, or Business studies with Information Systems major/minor along with deep interest in technology risk, security and IT governance

— Have strong research, analytical, organizational, problem solving and inter-personal skills

— Excellent written and oral communication skills with the ability to present ideas and results to technical and non-technical audiences

— Minimum 2-3 years of previous experience in security operations and/or minimum 1 year in team lead role

— English — Intermediate (B1) and higher and/or a strong desire to improve English skills in a short time

— Strong IT and network skills — knowledge of common enterprise technologies — Windows and Windows Active Directory, Linux, Cisco, cloud solutions etc.

— Have a good working knowledge of information security principles, techniques and current\emerging threats, and a dedicated and self-driven desire to research and learn more in this field

— Strong understanding of security operations technologies including SIEM, EDR, SOAR/IRP, IDS/IPS, TIP etc.

— Ability to develop relevant alerting, countermeasures, and threat hunting techniques

— Have experience with security related regulatory requirements, such as NIST, PCI/DSS, ISO 27001, NBU

— Preferred experience using Python, PowerShell, Bash, or an equivalent language

— Preferred security certifications (e.g., GIAC\SANS, CREST, Offensive Security, CEH, Mile2 and similar)