Supporting or leading the execution of IT and information security audits / assessments of IT processes against leading practices, frameworks and common standards (e.g. CoBIT, ISO 27001/02).
Participation in IT Assurance/Audit engagements including the evaluation of the effectiveness and efficiency of General IT controls, automated and IT dependent process controls
Preparation of recommendations to improve IT processes and controls for clients and key stakeholders
Conducting IT risk assessments
Participation in business development activities e.g. make contribution to establishing and maintaining solid working relationships with a client, working productively with client team members, acting proactively and detect potential business opportunities
Working effectively as a team lead e.g. effectively plan, allocate and delegate tasks, monitor work process and reviews results. Share arising issues with team and manager, involve manager and partner as appropriate, provide regular updates on project status
Thoroughly check quality of own and team members' work, ensure client deliverables are on time and with exceptional quality.
Bachelor’s degree in computer science, information security or other related fields 2−3 years of relevant experience Knowledge of the COBIT, COSO, ITIL or other IT governance and control frameworks Audit experience across multiple technology domains, including databases, operating systems and applications
Solid understanding of business processes (e.g. Finance/Accounting, Procurement, Sales, etc.), business and technology risks
Excellent business writing and verbal communication skills in English
Advanced Ms Office skills specially in Excel and PowerPoint
Good organizational and time management skills with the ability to prioritize and complete multiple projects under tight deadlines
It will be a plus
Professional qualifications such as CISA, CISSP, ISO 27000, ISO 20000, ITIL or other related to IT audit/security
Strong attention to details and the ability to analyze large volumes of data
Sharp analytical mind and technical aptitude Strong verbal and writing communication skills
Exceptional problem-solving, analytical and critical thinking skills Ability to work as part of a team and commitment to achieving results Effective interpersonal and communication skills
• Bachelor’s or master’s in computer science or related field or equivalent experience
• 3+ years of experience in applying secure software development methods, participate in building secure application and systems
• Solid understanding of fundamental application security building blocks such as: authentication, authorization, data validation, encryption, security assurance
• Good understanding of software architectures and technologies (including web application architectures, operating systems architectures, cloud architectures, TCP/IP Stack, software development processes)
• Strong familiarity with application security concepts/standards/laws/best-practices (e.g. OWASP, CIS, NIST SP 800, ISO27000 series)
• Experience in conducting security code review, security testing, application threat modelling and security risk assessment
• A burning desire to grow in both engineering and security expertise
Will be an advantage
• Practical experience in popular commercial and opensource security testing tools usage (e.g. Acunetix, Nessus, Burp, ZAP, Kali Linux)
• Good understanding of at least two of following programming languages (i.e. ability to figure out what’s going on by looking at code snippets): C#, C++, Java, Python, JS
• Practical experience in application development, secure coding and scripting languages for automation
• Practical experience in Microsoft Cloud Security
• Practical experience in systems hardening
Areas of Responsibility
• Participate in threat modeling and applications risk assessment
• Perform system & application security requirements review, definition and clarification
• Working closely with development teams to support of integration best security practices into their development processes
• Contribute on corporate SDLC enhancement, design and implement security controls and best practices
• Participate in investigation, development and implementation techniques for secure code reviews and security testing
• Conduct application security testing and perform secure code review.
• Participate in enhancement of SAST/DAST/IAST integration into applications CI/CD pipeline
• Participate in conducting secure development training sessions for development teams
• Stay current on security industry trends and best practices implementation
• Investigate and pilot commercial and open-source application security tools
• Participate in development corporate regulations, technical reports, presentations related to application security
Або увійти за допомогою
Введіть електронну пошту, яку ви використовували при реєстрації.
Якщо адреса e-mail зареєстрована в системі, на неї буде відіслано лист.
Сайт надає послуги пошукачеві безкоштовно!
Обсяг онлайн-консультації буде сягати не більше 10 хвилин з моменту першої вашої відповіді.
Тому, під час діалогу краще залишатися на зв’язку і оперативно відповідати на всі зустрічні питання.В зв’язку з великим завантаженням, час реагування на заповнену форму може досягати однієї доби.