Iterasec works with clients worldwide, helping them find vulnerabilities and secure their products. Our projects range from mobile/web applications to complex modern automotive stacks. We work with both small product companies as well as Fortune 500 enterprises.
We are looking for a talented and motivated Junior Security Consultant who will join our security team to work on penetration testing and vulnerability/cloud security assessment projects.
We expect a short motivation letter where you can explain your skills, achievements and motivation.
- Solid non-commercial cybersecurity experience, such as HTB/THM
- Junior-level cybersecurity certifications would be a plus.
- Comfortable with basic application security testing and common vulnerabilities (like OWASP Top 10, CWE Top 25) and cybersecurity fundamentals
- Strong basic IT skills: Linux, networking (TCP/IP, DNS, HTTP etc.)
- Some experience in scripting/coding languages, such as Java, JS, Python, Shell, etc.
- Strong drive to learn and develop cybersecurity skills
- Technical English (Intermediate)
- Good salary + bonus system
- Rewarding environment: brilliant team ready to share knowledge and collaborate
- Support in obtaining professional certifications, such as BSCP, OSCP, eWPTX, cloud certifications, etc.
- Courses and conferences which are relevant to the position are sponsored by the company.
- We are a remote-first company with full WFH support and a flexible work schedule.
- Execute penetration tests and security assessments as part of a team, including internal/external networks, web and mobile applications, Windows and Linux environments, cloud architectures, IoT devices, and more
- Create assessment documentation and reports, clearly identifying vulnerabilities and associated remediation steps
- Conduct security research
P2H is a service IT company with a product approach and 17 years of experience in the industry. We build complex corporate solutions for large businesses and government organizations in different countries. Today we are reaching a new level and are looking for an experienced Information Security Specialist who will take part in preparing the company for ISO 27001 certification.
- Development and support of standards, procedures, policies for the preparation and certification of the company according to the ISO27001 standard.
- Development and support procedures to ensure compliance with information security legislation
- Interaction with internal and external stakeholders on the issues of bringing the company's processes in line with information security standards
- Verification of the completeness of the internal and external audit of information security
- Continuous improvement of information security management processes in the company
We are looking for someone who
- Has an experience in Information and Cyber Security for 2+ years
- Has in-depth experience and understanding of security frameworks, standards and best practices relevant to information security (e.g. ISO 27001) covering implementation, oversight or audit experience
- Speaks fluent in English
- Is a strong communication and proactive person
Nice to have
- Understanding of QMS, experience with BPMN/UML diagrams
- 24 days for rest, 10 days for health and well-being
- Unlimited recovery from covid
- Сoworking space – compensated partially. Unlimited coworking in Lviv and Vinnytsia, where P2H coworking spaces are located.
- Unlimited learn and development budget
- Sports club membership – compensated partially
- Free online English lessons
- Full accounting and legal support for private entrepreneurs
- Online interview with a recruiter — 20-30 minutes.
- Interview with Head of QMS and PM Lead— up to 1-1.5 hours.
Чекали на справжні професійні виклики? Наймасштабніша в Україні розробка кібербезпеки банківського ПО на усіх рівнях для тисяч проектів та співробітників. Шукаємо Application Security Engineer, який сформує архітектурне бачення та втілить рішення разом із найкрутішою командою. Обговоримо?
Головною метою проекту є впровадження та управління практиками безпеки в існуючих процесах розробки. Проект передбачає впровадження безпеки на всіх етапах: управління, проектування, реалізація, верифікація, операції. Задачі полягатимуть у дослідженні, впровадженні та вдосконаленні практик безпеки.
Наш виклик – це забезпечення безпеки у:
- тисячах проектів;
- сотнях команд розробки, тестування та експлуатації;
- різноманітності технологічного стека;
- різноманітності архітектурних рішень;
- різноманітності підходів у розробці, тестуванні та доставці коду.
Ми пропонуємо можливість отримувати досвід роботи над S-SDLC у масштабах найбільшого банку країни.
- Оцінка, впровадження та розвиток практик S-SDLC;
- Застосування інструментів, побудова процесів для автоматизації та контролю практик;
- Робота із стейкхолдерами проекту;
- Проведення технічних досліджень;
- Аудит безпеки портфеля додатків, інфраструктури та використовуваних технологій;
- Консультування команд розробки та інших підрозділів з питань інформаційної безпеки;
- Проведення доповідей, воркшопів, презентацій для навчання працівників;
- Створення документів, що регламентують практики, які впроваджуються.
- Вища технічна освіта, бажано у сфері інформаційної безпеки;
- Досвід від 3-х років у сфері ІБ, розробці чи менеджменті ІТ;
- Розуміння кожного з етапів циклу розробки;
- Розуміння технологій, інструментів розробки та доставки коду;
розуміння практик циклу безпечної розробки;
- Знання флагманських проектів OWASP;
- Розуміння архітектури та принципів клієнт-серверних додатків;
- Знання мережевих протоколів;
- Розуміння структури та призначення компонентів додатків (ELK, MySQL, Redis, Rabbit, Apache kafka та інше);
- Хороші комунікативні навички, вміння презентувати свої ідеї та напрацювання;
- Знання англійської мови на рівні достатньому для читання літератури та базової комунікації.
- Практичний досвід застосування в організації OWASP SAMM / Microsoft SDL чи інших моделей S-SDLC;
- Практичний досвід впровадження нових процесів в організації;
- Досвід проведення тестів на проникнення, аудитів безпеки;
- Сертифікації у сфері інформаційної безпеки.
We are looking for a qualified information security and software manager with experience in administering employee accounts and credentials, setting up & configuring tools, and creating automations.
🔹 Set up & configure accounts for employees (Jira, Google WorkSpace, etc.)
🔹 Configure company tools and manage security
🔹 Manage credentials in 1password (maintain groups, vaults rotate passwords, etc.)
🔹 Update/improve existing security related processes in the company
🔹 Build & maintain different security monitoring tools
🔹 Configure, troubleshoot, and maintain company tools & software
🔹 Write technical documentation, manuals, and IT policies for employees
🔸 Good level of English (both writing and speaking)
🔸 Experience with access control for cloud services (e.g. GCP & AWS)
🔸 Knowledge of different Operating systems; hands-on experience with command-line tools
🔸 Experience with gathering data from different sources (e.g. via APIs); knowledge of SQL would be a plus
🔸 Ability to create basic automations (using Zapier or other tools, or any scripting language)
🔸 Ability and drive to learn and develop cybersecurity skills
🔸 System Administrator certificate, degree in Information Technology or Computer Science would be a plus
🔸 Experience with SOC 2 or ISO 27001 certification would be a plus
As a part of the Security Research Team, you will be part of a team of highly skilled and sometimes quirky hackers, intelligence researchers and software engineers who continuously hunt for threats, evaluate and develop new detection techniques, and share intel and attribution for cybercrime activity with the goal of protecting our customers while keeping the internet human.
Understanding of threats, fraud, information security vulnerabilities, and other cyber security-related events
Bachelor’s degree and 4-8 years of experience in related fields (i.e. browser security, intelligence analysis, digital forensics, threat hunting, government analysis)
Track record of independent, creative problem solving with large amounts of complex data
Ability to write high-quality documentation
Willingness to give presentations both internally and externally
NICE TO HAVE:
Skills in developing processes and methodologies for investigations
Experience with training teams
One or more cyber-related certifications (i.e. CISSP, GCFA, GCFE, Sec+)
Python or other coding experience
Dynamic or static analysis of software using 3rd party tools
Databases (SQL) experience
You are a curious, persistent person who is always thinking out of the box that wants to apply your knowledge to always do the right thing
You are open, transparent, and can work in tight collaboration with anyone
You are comfortable communicating in a decentralized work environment and across organizations
Play a lot with the web-browsers, trying to find differences in behavior between them
Research and develop signal collection on both mobile and desktop, which enables detection and defense deployments
Find ways to detect automation, for example, tools like Selenium, Playwright or Puppeteer
Find ways to hide or otherwise game ad placements on the web and mobile environments.
Understand customer specific requirements, deliver with impact and exceed customer expectations
Share security research topics through research talks, knowledge base and external engagements including media interviews and conference presentations, detailing your discoveries for internal and external sharing
Discover adversary tactics, techniques, and procedures leveraged by bots
Create and validate data insights to enhance detection excellence
Find bad stuff on the internet, see if you can figure out how it is done, document it
Red team, experiment, and develop new tactics for various kinds of fraud and to bypass our detection, no need to wait for an attack to be discovered and used by adversaries first
Stay abreast of cyber security trends and events related to our mission
Contribute high impact work that substantially benefits team level metrics and OKRs
Develop techniques, tools, and scripts to simplify yours and others work
The Information Security Assistant Manager will contribute, with the help of IT personnel and the company’s CISO, in identifying, developing and maintaining policies, standards, procedures, guidelines and corresponding control framework to ensure security compliance with ISO27001 framework.
- IT Security and risk management experience and background
- Knowledge on ISO27001 framework GDPR regulation
- Knowledge about IT infrastructure (Cloud), operations, software, hardware, tooling, data flows, change control, BC/DR
- Experience in IT management, Information Security or CyberSecurity (Preferred, but not required)
- BS in Computer Science, MIS or similar field
- Upper-intermediate English
- Conduct the continual improvement, maintenance and development of ISO27001 Information Security Management Program
- Quarterly check on completeness of internal auditing of ISO27001.
- Performing risk and control assessments and deep dives within various product and technology teams
- Oversee information security audits performed by third-party personnel
- Create and deliver training and awareness program for the personnel globally
- Develop, maintain, implement, and support procedures and measures to ensure compliance with all applicable Information Security legislation
- Understanding the operational environment of the equipment and the cyber security risks that this presents, identifying threats, vulnerabilities and mitigations
- When necessary. engage with internal and external stakeholders on the company’s IT risk posture
- Flexible work schedule (8-11 am — 17-20 pm)
- Annual paid vacation (20 working days) and 10 days of sick leave
- Remote work or office in Kharkiv or Gdansk (Poland)
- Medical insurance
Sending your CV, please let us know about your salary expectation
Divoro is growing MSSP (Managed Security Service Provider) in the Cyber Security space.
We are a team of 30 security professionals that are passionate to protect our customers and grow together as a team and as a company.
Now we are looking for Information Security Specialist to join our team.
Your responsibilities will be:
➢ Conduct business communication regarding Security, Privacy, and Due Diligence Questionnaires from customers and prospects.
➢ Partner with key business and IT leaders to develop security policies, standards, guidelines, and procedures to ensure the confidentiality, integrity, and availability of the Company’s systems and data.
➢ Maintain existing information security policies up to date.
➢ Design and implement information security education, training, and awareness programs.
➢ Establish a security risk matrix and framework; set up and refine security controls for the enterprise landscape.
➢ Consult with business owners regarding their information security risks and responsibility in minimizing those risks.
➢ Oversee GDPR, CCPA, and other regulatory compliance processes.
➢ Ensure client companies’ security certification.
➢ Excellent verbal and written English skills.
➢ 1+ Information Security Management background, knowledge, and/or experience.
➢ Theoretical knowledge of Risk management.
➢ Good communication and interpersonal skills.
➢ Quick learning of new tools and concepts at a high level.
➢ Ability to work independently and as part of a team.
Nice to have:
➢ Understanding of software development lifecycle, and IT processes.
➢ Knowledge of Jira, Confluence, and SharePoint tools.
➢ Understanding of Cloud systems.
➢ Knowledge or experience in any of the following frameworks/standards: ISO 27001; NIST; SOC2 etc.)
➢ GDPR, CCPA, and another regulatory compliance background.
What we offer:
➢ Great experience in a global cyber security company.
➢ Opportunity to grow with the company in any area you choose.
➢ Direct contract with the American company.
➢ Open-minded, professional team that will be developing & supporting you.
➢ Paid vacation and sick leaves.
➢ Paid professional training.
➢ Medical insurance after the trial period.
➢ Flexible, remote work environment.
➢ Office in Kyiv with guaranteed electricity & internet 😊
• Safeguards information system assets by identifying and solving potential and actual security problems.
• Protects system by defining access privileges, control structures, and resources.
• Recognizes problems by identifying anomalies with tools, reporting violations.
• Implements security improvements by assessing current situation; evaluating trends; anticipating requirements.
• Determines security violations and inefficiencies by conducting periodic audits.
• Upgrades system by implementing and maintaining security controls.
• Keeps users informed by preparing performance reports, communicating system status.
• Collaborate with vendors to perform penetration testing for internal and cloud environment.
• Run vulnerability scans and remediate vulnerabilities
Job Qualifications and Skills
• Worked as a security manager/engineer for a SaaS company
• Develop and implement Information security policies and procedures
• TOP 10 for Web Applications
• Aware about PCI-DSS technical requirenments
• Well-versed in security operations, cyber security tools, intrusion detection, and secured s
• Securing Java applications
• Write correlations rules for security alerts
Applications and Tools Experience
• (WAF system)
• Cloud security
• Vulnerability management tools (e.g. SecureTrust, Greenbone or Qualys, OpenVAS, Tenable, Nexpose)
• Collaborate with DevOps for secure System Administration (most Linux, less Windows and MacOS)
• Security (Firewalls, Open VPN/Meraki VPN, equipment)
• Security operations center tools like InsightIDR from Rapid7 (or Splunk or similar)
• Logging tools like or Sumo Logic, Mode, , Athena
Security certifications (one of below or equivalent):
• CISSP - Certified Information Systems Security Professional
• SCS-C01 - Security Specialty
• Security+ - from CompTIA
Strong career opportunities for professionals
A variety of international projects and mobility across them
Career development support and professional certification opportunities
Competitive compensation, advanced bonus systems
Flexible working schedule with a remote possibility
Corporate, ial, and cultural event
The candidate will be a subject matter expert, coordinate the team and responsible for:
— Performing cyber response, threat intelligence, monitoring and detection activities as part of the client’s engagements
— Building SOC’s from scratch or providing recommendations for improving the existing ones
— Maintaining a current view of the cyber threat, and being able to advise clients on the threat landscape and attacks which may be relevant to them
— Provide expert analysis investigative support of large scale and complex security incidents
— Support development of both technical and organizational solutions to address client’s issues
— Combine technical and conceptual knowledge to generate valuable reports
— Train and mentor junior staff on the cyber response matters
Experience and skills required
The ideal candidate should:
— Possess Bachelor and/or Master degree in Technology, Engineering, or Business studies with Information Systems major/minor along with deep interest in technology risk, security and IT governance
— Have strong research, analytical, organizational, problem solving and inter-personal skills
— Excellent written and oral communication skills with the ability to present ideas and results to technical and non-technical audiences
— Minimum 2-3 years of previous experience in security operations and/or minimum 1 year in team lead role
— English — Intermediate (B1) and higher and/or a strong desire to improve English skills in a short time
— Strong IT and network skills — knowledge of common enterprise technologies — Windows and Windows Active Directory, Linux, Cisco, cloud solutions etc.
— Have a good working knowledge of information security principles, techniques and current\emerging threats, and a dedicated and self-driven desire to research and learn more in this field
— Strong understanding of security operations technologies including SIEM, EDR, SOAR/IRP, IDS/IPS, TIP etc.
— Ability to develop relevant alerting, countermeasures, and threat hunting techniques
— Have experience with security related regulatory requirements, such as NIST, PCI/DSS, ISO 27001, NBU
— Preferred experience using Python, PowerShell, Bash, or an equivalent language
— Preferred security certifications (e.g., GIAC\SANS, CREST, Offensive Security, CEH, Mile2 and similar)
Hi, we are ESKA, a team of experts who plan, create and develop the most reliable innovative cyber security solutions in Ukraine. Related to growth, development and international expansion we have a target to add our team with new members. So we are looking for The Advanced Network Engineer.
If data protection is your passion and you want to be part of a real professional team, feel free to send us your CV.
What awaits you with us?
The team. With us, you will become part of a real team: simple, sincere, honest, open and zealous people who are dedicated to their work;
Innovative technologies. We carefully monitor information and cyber security innovations, choose the best new tools, so you will always be in a good professional form;
Flexibility. The world changes quickly, we strive to move in the same rhythm: locations, schedules, approaches, communications. We combine flexibility in processes with strict requirements for the quality of the end result.
Bachelor's degree in Computer Science, Computer Engineering or related field.
5+ years of experience in network engineering.
Strong knowledge of routing protocols such as OSPF and BGP.
Experience with firewall technologies such as Cisco ASA or Check Point.
Experience with load balancing technologies such as F5 or Citrix Netscaler.
Experience with network security concepts and best practices.
Strong analytical and problem-solving skills.
CCNP or CCIE certification is a plus.
Design, implement, and maintain network infrastructure including routers, switches, firewalls, and load balancers.
Configure and troubleshoot network issues in a timely manner.
Monitor network performance and optimize as necessary.
Collaborate with other teams to ensure network security and compliance with industry standards.
Research and recommend new technologies to improve network performance and security.
Provide mentorship and guidance to junior network engineers.
This is a part-time position with flexible working hours.
If you are a highly motivated and skilled professional with a passion for data privacy and compliance, we encourage you to apply for this opportunity.
Or login with
Enter the email you used to register
If e-mail is registered in the system, an email will be sent to it.
The site provides its services to a job seeker for free!
The length of the online consultation will be no more than 10 minutes from your first reply.
Therefore, during the dialogue it is better to stay in touch and respond promptly to all counter questions. Due to the heavy workload, the response time to the completed form can reach one day.