Работа специалист по безопасности

Iterasec works with clients worldwide, helping them find vulnerabilities and secure their products. Our projects range from mobile/web applications to complex modern automotive stacks. We work with both small product companies as well as Fortune 500 enterprises.

We are looking for a talented and motivated Junior Security Consultant who will join our security team to work on penetration testing and vulnerability/cloud security assessment projects.

We expect a short motivation letter where you can explain your skills, achievements and motivation.

Required skills

- Solid non-commercial cybersecurity experience, such as HTB/THM
- Junior-level cybersecurity certifications would be a plus.
- Comfortable with basic application security testing and common vulnerabilities (like OWASP Top 10, CWE Top 25) and cybersecurity fundamentals
- Strong basic IT skills: Linux, networking (TCP/IP, DNS, HTTP etc.)
- Some experience in scripting/coding languages, such as Java, JS, Python, Shell, etc.
- Strong drive to learn and develop cybersecurity skills
- Technical English (Intermediate)

We offer

- Good salary + bonus system
- Rewarding environment: brilliant team ready to share knowledge and collaborate
- Support in obtaining professional certifications, such as BSCP, OSCP, eWPTX, cloud certifications, etc.
- Courses and conferences which are relevant to the position are sponsored by the company.
- We are a remote-first company with full WFH support and a flexible work schedule.

Responsibilities

- Execute penetration tests and security assessments as part of a team, including internal/external networks, web and mobile applications, Windows and Linux environments, cloud architectures, IoT devices, and more
- Create assessment documentation and reports, clearly identifying vulnerabilities and associated remediation steps
- Conduct security research

P2H is a service IT company with a product approach and 17 years of experience in the industry. We build complex corporate solutions for large businesses and government organizations in different countries. Today we are reaching a new level and are looking for an experienced Information Security Specialist who will take part in preparing the company for ISO 27001 certification.

Your impact
- Development and support of standards, procedures, policies for the preparation and certification of the company according to the ISO27001 standard.
- Development and support procedures to ensure compliance with information security legislation
- Interaction with internal and external stakeholders on the issues of bringing the company's processes in line with information security standards
- Verification of the completeness of the internal and external audit of information security
- Continuous improvement of information security management processes in the company

We are looking for someone who
- Has an experience in Information and Cyber Security for 2+ years
- Has in-depth experience and understanding of security frameworks, standards and best practices relevant to information security (e.g. ISO 27001) covering implementation, oversight or audit experience
- Speaks fluent in English
- Is a strong communication and proactive person

Nice to have
- Understanding of QMS, experience with BPMN/UML diagrams

Our benefits
- 24 days for rest, 10 days for health and well-being
- Unlimited recovery from covid
- Сoworking space – compensated partially. Unlimited coworking in Lviv and Vinnytsia, where P2H coworking spaces are located.
- Unlimited learn and development budget
- Sports club membership – compensated partially
- Free online English lessons
- Full accounting and legal support for private entrepreneurs

Recruiting process
- Online interview with a recruiter — 20-30 minutes.
- Interview with Head of QMS and PM Lead— up to 1-1.5 hours.

Чекали на справжні професійні виклики? Наймасштабніша в Україні розробка кібербезпеки банківського ПО на усіх рівнях для тисяч проектів та співробітників. Шукаємо Application Security Engineer, який сформує архітектурне бачення та втілить рішення разом із найкрутішою командою. Обговоримо?


Про проект
Головною метою проекту є впровадження та управління практиками безпеки в існуючих процесах розробки. Проект передбачає впровадження безпеки на всіх етапах: управління, проектування, реалізація, верифікація, операції. Задачі полягатимуть у дослідженні, впровадженні та вдосконаленні практик безпеки.

Наш виклик – це забезпечення безпеки у:
- тисячах проектів;
- сотнях команд розробки, тестування та експлуатації;
- різноманітності технологічного стека;
- різноманітності архітектурних рішень;
- різноманітності підходів у розробці, тестуванні та доставці коду.

Ми пропонуємо можливість отримувати досвід роботи над S-SDLC у масштабах найбільшого банку країни.

Обов'язки:

- Оцінка, впровадження та розвиток практик S-SDLC;
- Застосування інструментів, побудова процесів для автоматизації та контролю практик;
- Робота із стейкхолдерами проекту;
- Проведення технічних досліджень;
- Аудит безпеки портфеля додатків, інфраструктури та використовуваних технологій;
- Консультування команд розробки та інших підрозділів з питань інформаційної безпеки;
- Проведення доповідей, воркшопів, презентацій для навчання працівників;
- Створення документів, що регламентують практики, які впроваджуються.

Вимоги:

- Вища технічна освіта, бажано у сфері інформаційної безпеки;
- Досвід від 3-х років у сфері ІБ, розробці чи менеджменті ІТ;
- Розуміння кожного з етапів циклу розробки;
- Розуміння технологій, інструментів розробки та доставки коду;
розуміння практик циклу безпечної розробки;
- Знання флагманських проектів OWASP;
- Розуміння архітектури та принципів клієнт-серверних додатків;
- Знання мережевих протоколів;
- Розуміння структури та призначення компонентів додатків (ELK, MySQL, Redis, Rabbit, Apache kafka та інше);
- Хороші комунікативні навички, вміння презентувати свої ідеї та напрацювання;
- Знання англійської мови на рівні достатньому для читання літератури та базової комунікації.

Буде плюсом:

- Практичний досвід застосування в організації OWASP SAMM / Microsoft SDL чи інших моделей S-SDLC;
- Практичний досвід впровадження нових процесів в організації;
- Досвід проведення тестів на проникнення, аудитів безпеки;
- Сертифікації у сфері інформаційної безпеки.

We are looking for a qualified information security and software manager with experience in administering employee accounts and credentials, setting up & configuring tools, and creating automations.

Your responsibilities:
🔹 Set up & configure accounts for employees (Jira, Google WorkSpace, etc.)
🔹 Configure company tools and manage security
🔹 Manage credentials in 1password (maintain groups, vaults rotate passwords, etc.)
🔹 Update/improve existing security related processes in the company
🔹 Build & maintain different security monitoring tools
🔹 Configure, troubleshoot, and maintain company tools & software
🔹 Write technical documentation, manuals, and IT policies for employees

Your skills:
🔸 Good level of English (both writing and speaking)
🔸 Experience with access control for cloud services (e.g. GCP & AWS)
🔸 Knowledge of different Operating systems; hands-on experience with command-line tools
🔸 Experience with gathering data from different sources (e.g. via APIs); knowledge of SQL would be a plus
🔸 Ability to create basic automations (using Zapier or other tools, or any scripting language)
🔸 Ability and drive to learn and develop cybersecurity skills
🔸 System Administrator certificate, degree in Information Technology or Computer Science would be a plus
🔸 Experience with SOC 2 or ISO 27001 certification would be a plus

PROJECT
As a part of the Security Research Team, you will be part of a team of highly skilled and sometimes quirky hackers, intelligence researchers and software engineers who continuously hunt for threats, evaluate and develop new detection techniques, and share intel and attribution for cybercrime activity with the goal of protecting our customers while keeping the internet human.

REQUIREMENTS
Deep knowledge of how the internet and web browsers work. Proficient knowledge of JavaScript
Understanding of threats, fraud, information security vulnerabilities, and other cyber security-related events
Bachelor’s degree and 4-8 years of experience in related fields (i.e. browser security, intelligence analysis, digital forensics, threat hunting, government analysis) 
Track record of independent, creative problem solving with large amounts of complex data
Ability to write high-quality documentation
Willingness to give presentations both internally and externally

NICE TO HAVE:
Skills in developing processes and methodologies for investigations
Experience with training teams
One or more cyber-related certifications (i.e. CISSP, GCFA, GCFE, Sec+)
Python or other coding experience
Dynamic or static analysis of software using 3rd party tools
Databases  (SQL) experience
PERSONAL PROFILE
You are a curious, persistent person who is always thinking out of the box that wants to apply your knowledge to always do the right thing
You are open, transparent, and can work in tight collaboration with anyone
You are comfortable communicating in a decentralized work environment and across organizations

RESPONSIBILITIES
Play a lot with the web-browsers, trying to find differences in behavior between them
Research and develop signal collection on both mobile and desktop, which enables detection and defense deployments
Find ways to detect automation, for example, tools like Selenium, Playwright or Puppeteer
Find ways to hide or otherwise game ad placements on the web and mobile environments.
Understand customer specific requirements, deliver with impact and exceed customer expectations
Share security research topics through research talks, knowledge base and external engagements including media interviews and conference presentations, detailing your discoveries for internal and external sharing
Discover adversary tactics, techniques, and procedures leveraged by bots
Create and validate data insights to enhance detection excellence
Find bad stuff on the internet, see if you can figure out how it is done, document it
Red team, experiment, and develop new tactics for various kinds of fraud and to bypass our detection, no need to wait for an attack to be discovered and used by adversaries first
Stay abreast of cyber security trends and events related to our mission
Contribute high impact work that substantially benefits team level metrics and OKRs
Develop techniques, tools, and scripts to simplify yours and others work

The Information Security Assistant Manager will contribute, with the help of IT personnel and the company’s CISO, in identifying, developing and maintaining policies, standards, procedures, guidelines and corresponding control framework to ensure security compliance with ISO27001 framework.

Requirements:
- IT Security and risk management experience and background
- Knowledge on ISO27001 framework GDPR regulation
- Knowledge about IT infrastructure (Cloud), operations, software, hardware, tooling, data flows, change control, BC/DR
- Experience in IT management, Information Security or CyberSecurity (Preferred, but not required)
- BS in Computer Science, MIS or similar field
- Upper-intermediate English

Responsibilities:
- Conduct the continual improvement, maintenance and development of ISO27001 Information Security Management Program
- Quarterly check on completeness of internal auditing of ISO27001.
- Performing risk and control assessments and deep dives within various product and technology teams
- Oversee information security audits performed by third-party personnel
- Create and deliver training and awareness program for the personnel globally
- Develop, maintain, implement, and support procedures and measures to ensure compliance with all applicable Information Security legislation
- Understanding the operational environment of the equipment and the cyber security risks that this presents, identifying threats, vulnerabilities and mitigations
- When necessary. engage with internal and external stakeholders on the company’s IT risk posture

We offer:
- Flexible work schedule (8-11 am — 17-20 pm)
- Annual paid vacation (20 working days) and 10 days of sick leave
- Remote work or office in Kharkiv or Gdansk (Poland)
- Medical insurance
Sending your CV, please let us know about your salary expectation

Divoro розвивається, як постачальник послуг керованої безпеки (MMSSP - Managed Security Service Provider) у просторі кібербезпеки.
Ми команда з 30 професіоналів у сфері безпеки, які прагнемо захистити наших клієнтів і розвиватися разом як команда та компанія.

Зараз ми в пошуках Спеціаліста з Інформаційної Безпеки в нашу команду.

Твоїми обов'язками будуть:
➢ Вести бізнес-комунікацію стосовно питань безпеки, конфіденційності від клієнтів і потенційних клієнтів.
➢ Співробітництво з ключовими лідерами бізнесу та ІТ для розробки політик безпеки, стандартів, інструкцій та процедур для забезпечення конфіденційності, цілісності та доступності систем і даних компаній.
➢ Підтримувати існуючі політики інформаційної безпеки в актуальному стані.
➢ Розробляти та впроваджувати програми навчання та підвищення обізнаності з інформаційної безпеки.
➢ Створення матриці ризиків безпеки та структури; налаштування й удосконалення засобів контролю безпеки для корпоративного середовища.
➢ Консультувати власників бізнесу щодо їх ризиків інформаційної безпеки та відповідальності за мінімізацію цих ризиків.
➢ Контролювати GDPR, CCPA та інші процеси дотримання нормативних вимог.
➢ Забезпечення сертифікації безпеки компаній-клієнтів.

Важливо, щоб ти мав:
➢ Відмінні усні та письмові знання англійської мови.
➢ 1+ релеватного досвіду в Менеджменті інформаційної безпеки.
➢ Теоретичні знання в Ризик-менеджменті.
➢ Чудові комунікативні та міжособистісні навички.
➢ Швидке вивчення нових інструментів і концепцій на високому рівні
➢ Вміння працювати самостійно та в команді.

Буде плюсом:
➢ Розуміння життєвого циклу розробки програмного забезпечення, ІТ-процесів.
➢ Знайомий з Jira, Confluence, SharePoint etc..
➢ Розуміння принципу роботи Cloud-систем.
➢ Знання або досвід будь-якої з наступних систем/стандартів: ISO 27001; NIST; SOC2 інше).
➢ GDPR, CCPA та інші нормативні відомості.

Ми пропонуємо:
➢ Крутий досвід роботи в глобальній компанії з кібербезпеки.
➢ Можливість розвиватися разом з компанією в будь-якому обраному тобою напрямку.
➢ Прямий контракт з американською компанією.
➢ Відкриту, професійну команду, яка підтримає та допоможе розвиватись.
➢ Оплачувану відпустку та лікарняні.
➢ Оплачуване професійне навчання.
➢ Медичне страхування після випробувального терміну.
➢ Гнучкий початок робочого дня.
➢ Віддалену роботу або офіс в Києві з гарантованим світлом та інтернетом 😊

Responsibilities:
• Safeguards information system assets by identifying and solving potential and actual security problems.
• Protects system by defining access privileges, control structures, and resources.
• Recognizes problems by identifying anomalies with tools, reporting violations.
• Implements security improvements by assessing current situation; evaluating trends; anticipating requirements.
• Determines security violations and inefficiencies by conducting periodic audits.
• Upgrades system by implementing and maintaining security controls.
• Keeps users informed by preparing performance reports, communicating system status.
• Collaborate with vendors to perform penetration testing for internal and cloud environment.
• Run vulnerability scans and remediate vulnerabilities

Job Qualifications and Skills
• Worked as a security manager/engineer for a SaaS company
• Develop and implement Information security policies and procedures
• TOP 10 for Web Applications
• Aware about PCI-DSS technical requirenments
• Well-versed in security operations, cyber security tools, intrusion detection, and secured s
• Securing Java applications
• Write correlations rules for security alerts

Applications and Tools Experience
• (WAF system)
• Cloud security
• Vulnerability management tools (e.g. SecureTrust, Greenbone or Qualys, OpenVAS, Tenable, Nexpose)
• Collaborate with DevOps for secure System Administration (most Linux, less Windows and MacOS)
• Security (Firewalls, Open VPN/Meraki VPN, equipment)
• Security operations center tools like InsightIDR from Rapid7 (or Splunk or similar)
• Logging tools like or Sumo Logic, Mode, , Athena

Security certifications (one of below or equivalent):
• CISSP - Certified Information Systems Security Professional
• SCS-C01 - Security Specialty
• Security+ - from CompTIA

We offer
Strong career opportunities for professionals
A variety of international projects and mobility across them
Career development support and professional certification opportunities
Competitive compensation, advanced bonus systems
Flexible working schedule with a remote possibility
Medical insurance
Corporate, ial, and cultural event

The role:

The candidate will be a subject matter expert, coordinate the team and responsible for:

— Performing cyber response, threat intelligence, monitoring and detection activities as part of the client’s engagements

— Building SOC’s from scratch or providing recommendations for improving the existing ones

— Maintaining a current view of the cyber threat, and being able to advise clients on the threat landscape and attacks which may be relevant to them

— Provide expert analysis investigative support of large scale and complex security incidents

— Support development of both technical and organizational solutions to address client’s issues

— Combine technical and conceptual knowledge to generate valuable reports

— Train and mentor junior staff on the cyber response matters

Experience and skills required

The ideal candidate should:

— Possess Bachelor and/or Master degree in Technology, Engineering, or Business studies with Information Systems major/minor along with deep interest in technology risk, security and IT governance

— Have strong research, analytical, organizational, problem solving and inter-personal skills

— Excellent written and oral communication skills with the ability to present ideas and results to technical and non-technical audiences

— Minimum 2-3 years of previous experience in security operations and/or minimum 1 year in team lead role

— English — Intermediate (B1) and higher and/or a strong desire to improve English skills in a short time

— Strong IT and network skills — knowledge of common enterprise technologies — Windows and Windows Active Directory, Linux, Cisco, cloud solutions etc.

— Have a good working knowledge of information security principles, techniques and current\emerging threats, and a dedicated and self-driven desire to research and learn more in this field

— Strong understanding of security operations technologies including SIEM, EDR, SOAR/IRP, IDS/IPS, TIP etc.

— Ability to develop relevant alerting, countermeasures, and threat hunting techniques

— Have experience with security related regulatory requirements, such as NIST, PCI/DSS, ISO 27001, NBU

— Preferred experience using Python, PowerShell, Bash, or an equivalent language

— Preferred security certifications (e.g., GIAC\SANS, CREST, Offensive Security, CEH, Mile2 and similar)

Hi, we are ESKA, a team of experts who plan, create and develop the most reliable innovative cyber security solutions in Ukraine. Related to growth, development and international expansion we have a target to add our team with new members. So we are looking for The Advanced Network Engineer.

If data protection is your passion and you want to be part of a real professional team, feel free to send us your CV.

What awaits you with us?
The team. With us, you will become part of a real team: simple, sincere, honest, open and zealous people who are dedicated to their work;
Innovative technologies. We carefully monitor information and cyber security innovations, choose the best new tools, so you will always be in a good professional form;
Flexibility. The world changes quickly, we strive to move in the same rhythm: locations, schedules, approaches, communications. We combine flexibility in processes with strict requirements for the quality of the end result.

Qualifications:
Bachelor's degree in Computer Science, Computer Engineering or related field.
5+ years of experience in network engineering.
Strong knowledge of routing protocols such as OSPF and BGP.
Experience with firewall technologies such as Cisco ASA or Check Point.
Experience with load balancing technologies such as F5 or Citrix Netscaler.
Experience with network security concepts and best practices.
Strong analytical and problem-solving skills.
CCNP or CCIE certification is a plus.

Responsibilities:
Design, implement, and maintain network infrastructure including routers, switches, firewalls, and load balancers.
Configure and troubleshoot network issues in a timely manner.
Monitor network performance and optimize as necessary.
Collaborate with other teams to ensure network security and compliance with industry standards.
Research and recommend new technologies to improve network performance and security.
Provide mentorship and guidance to junior network engineers.

This is a part-time position with flexible working hours.

If you are a highly motivated and skilled professional with a passion for data privacy and compliance, we encourage you to apply for this opportunity.