Current orders for Security consulting

DevSecOps Engineer

Full-time

Company

One of the fastest-growing companies in the Russian information security market, ranked in the TOP 2 of the rating of fast-growing Russian technology companies, is looking for a specialist for a DevSecOps position.


Tasks:

  • Designing information security solutions in the DevSecOps area.
  • Preparing presentation materials and taking part in meetings with potential customers.
  • Developing solution architectures and implementation methods.
  • Preparing proposals for optimizing and developing customers' secure development systems.
  • Taking part in deployment during project delivery.
  • Developing project documentation.
  • Analyzing new technologies and solutions, developing new services and improving existing ones.
  • Deploying test environments and testing new products.


Requirements

  • Understanding of the principles of microservice architecture
  • Experience participating in projects implementing information security solutions, in particular building, implementing, supporting and modernizing SSDLC or DevSecOps approaches
  • Experience working with DevSecOps products (SAST, DAST, SCA)
  • Experience auditing and implementing security tools in Kubernetes clusters
  • Confident working experience with Linux systems (Debian/Ubuntu/Centos)
  • Proficiency with the main DevOps tools (Nexus/JFrog, Gitlab/Jenkins, Ansible) and an understanding of CI/CD principles
  • Experience working with APIs
  • Knowledge of the main principles of web application security, CWE, OWASP

Nice to have:

  • Python and Bash scripting skills
  • Experience building CI/CD using DevSecOps products
  • Experience developing project designs and working documentation



Security GRC (Governance, Risk and Compliance) Specialist

Office
Remote
Full-time
Permanent position

Looking for Security GRC (Governance, Risk and Compliance) Specialist.


Job Overview:

The person in this role will be in charge of identifying, reviewing and managing the security Governance, Risk and Compliance internal programs and initiatives, working closely with the Operation Security and Application Security Teams, as well as various internal IT teams.

Additionally, support the IT Security team in on-demand activities by being a facilitator in Initiatives with other IT Teams.


Requirements:

  • 5+ years of relevant experience working in the IT security industry, including 2+ years in GRC, IT Audit, IT risk management, IT Security and/or similar compliance functions.
  • Strong skills in IT Security risk management.
  • Demonstrated experience in data governance framework setup and management activities in an enterprise environment.
  • Experience in the development of company security policies and risk, security or audit frameworks (e.g. ISO 27001, NIST, COSO).
  • Excellent communication skills in both technical and non-technical contexts.
  • Fluent in English and in Russian: written, verbal, listening.
  • Attained a Bachelor’s degree in Information Systems, Engineering or a related area (5+ years).
  • Cybersecurity certifications such as CISSP, CRISC, Security+, etc. are a plus.
  • Experience working as a Program Manager is a plus.
  • Experience working in Fintech, online businesses is a plus.
  • Results-oriented, commitment-focused team player.


What Will You Do:

  • Continue to develop, implement and manage the organization's IT Security Risk Management framework.
  • Identify, manage and help reduce the IT Security risk across the organization, conduct risk assessment and gap analysis reviews related to information security risk matters.
  • Design, develop, implement and maintain a data governance framework across the company.
  • Manage compliance initiatives.
  • Develop, update, document and implement security policies and controls.
  • Ensure up-to-date and effective Information Security policies, standards and guidelines are in place to address requirements from internal and external.
  • Produce and manage relevant documentation and presentations, including Executive Reports.
  • Conduct internal security assessments/reviews.
  • Support and coordinate internal efforts to support IT compliance assessments and external security audits.
  • Coordinate inputs and craft accurate and effective responses to inquiries on information security matters coming from regulators, auditors, etc.
  • Support company-wide security training and awareness programs to meet training goals.
  • Help in the implementation of security tools.
  • Lead/Support Scrum ceremonies such as Refinement, Planning, Retrospectives, and Daily meetings.


Relocation to Montenegro.

Senior Azure DevOps engineer

Remote
Full-time

Project description and requirements: background to the assignment

The company provides Data Science support for chemistry product development and supports R&D. This includes, among other things, the design and development of a production-ready web application to serve the developed data science model to the end user.

Therefore, the development requires a secure setup of Azure services according to an existing system architecture. To stay compliant with the company's standards, the setup needs to be automated using Terraform and should follow Microsoft recommendations for security and networking. There is also a need for a proper test environment concept and for deployment automation of the web application components according to that concept.

Consequently, we need an expert with sufficient expertise in Azure Serverless technologies in a secure setup and their automated deployment, in handling test environments, and in logging and monitoring of serverless applications.


Backlog items will be assigned in Azure DevOps containing business requirements and acceptance criteria.

Work is organized in an Agile environment with 2-week sprints, with Sprint meetings once every two weeks and Daily meetings.


Tasks

Automation of build and deployment of web app components based on Docker container and Azure serverless technologies

  • Staged deployment and test environment concept for App Service apps and Function App APIs
  • Concept for deployment and hosting of API specs
  • Concept for deployment and hosting of code documentation
  • Concept for logging and monitoring of serverless functions, App Service apps and Function App APIs

Automation of Azure services provisioning based on Terraform

  • Setup of Azure App Service, Function App under consideration of Azure security recommendations and automation via Terraform
  • Setup of Cosmos DB under consideration of Azure security recommendations and automation via Terraform

Documentation of technical implementation which is subject to approval by the client.

Security Architect

Remote
Full-time
Permanent position

Who are we?

A fintech startup working on the first large-scale e-wallet in the region. We aim to provide people with a simple and convenient alternative to cash.


Job description

  • Design cloud security architectures and perform architecture design reviews
  • PCI DSS subject matter expert ensuring company’s security architecture is fully PCI compliant
  • Define, prioritize, and measure our efforts in achieving and maintaining public and private cloud security in environments such as AWS working with engineering teams
  • Implement, maintain, and improve existing industry best practices of operational security controls such as:
      - Audit mechanisms
      - Vulnerability management
      - Data classification
      - Encryption and data security

  • Continually evaluate new threats in the cloud to identify their impact on IT and the business, and develop and implement security controls
  • Ensure effective coordination between IT Security, Private Cloud, and Infrastructure through collaboration with engineers


Job Requirements

  • Strong foundations in software engineering, specifically at the architectural level
  • Strong foundations in public cloud (Amazon Web Services, Google Cloud Platform, Microsoft Azure)
  • Strong foundations in Kubernetes or Kubernetes-like environments (stateless services, auto scaling, pod communication)
  • Knowledge of Infrastructure-as-Code and concepts related to automated infrastructure management using tools such as Terraform
  • Knowledge of cloud security best practices including Identity Access Management (IAM), network security, modern cloud security architecture, and platform specific security and governance tools
  • Knowledge of CSPM platforms such as Wiz, Orca, etc.
  • Knowledge in Service Mesh Architecture
  • Understanding of the ISO 27001/27002, COBIT, and ITIL frameworks is required