Information Security Engineer
Global financial institution.
- Working in international multilocation environment
- Provide a security service where your part is to design, plan and coordinate the deployment of a new security infrastructure or component. This will be achieved by collaboration with other technical teams.
- Support to organize the process of automated creation of security on-boarding and reporting. Here, communication with various support groups and notification of stakeholder groups on the service status will be required.
- Cyber Protection offers a wide range of security tools, therefore the candidate should be open to support different kind of detect & prevent capabilities. Furthermore, this includes to evaluate and work on different IT applications and products that would allow to offer the security service.
- Initially, two security services are considered, however over time, the role can be developed further by support of other detect and prevent technologies:
a) service that allows scanning of Container environment (OS oriented not applicative) in the Cloud platform
b) service that allows the assessment of an application’s source code to uncover vulnerabilities and security flaws
- Manage continuous service improvements and/or enhancements to build and maintain strong security capabilities including e.g. handling of vulnerability false positives or strengthen detect & prevent capabilities.
- Write and review technical documentation.
- Consider regulatory aspects and compliance level of the security solutions incl. cloud (native) security in the financial industry
- University degree in IT, business informatics, or comparable education
- Experience in information security management, ideally in the financial industry or comparable regulated business environment e.g. through internships
- Ability to structure complex matters and drive them to resolution
- Basic knowledge in cyber security tooling for On-Prem and Cloud propositions
- Knowledge for already established security infrastructure and components may be beneficial:
a) Knowledge in Container and Orchestration environment such as Docker, Kubernetes or Openshift
b) Knowledge in Ethical hacking
c) General knowledge in Application Code development (e.g. C/C++, Java, Java Script & frameworks)
d) Knowledge of OWASP community and documents
e) Knowledge in build tools and openness to learn new tools (e.g. make, ant, Jenkins, maven and gradle)
- Strong communication and interpersonal skills with talent in building relationships with professionals of all organisational levels
- Strong analytical skills, reliability, and direct responsibility
- Ability to firmly present complex topics in an understandable manner
- Proficiency in written and spoken English
- Fluency in German
- Certifications like CISM, CISA or similar
- Knowledge of general legal and regulatory conditions and requirements in the financial industry, for example ISO 2700x, German BSI IT-Grundschutz, NIST, or COBIT
- Work mostly from home
- Flexible start/end of working hours
- Contributions to the pension / life insurance
- Contribution to sport / culture / leisure
- Education allowance
- Individual budget for personal growth
- Educational courses, trainings
- Transport allowance
- Meal tickets / catering allowance
- Refreshments on workplace
- Corporate events
- Holidays 5 weeks
- Sick days