As the Group Cyber Security Expert, your main duties & responsibilities will be:
• Report directly to the VO Chief Information Security Officer (CISO)
• Define and maintain, as part of a core team of experts, the security policies and requirements for Solutions, Information Technology and Systems (IT&S), within global security policy
• Ensure data protection, both on-premises and in the cloud, and in case of cyberattacks, establishes an action plan to counter them
• Verify and enforce IT&S security policy, security requirements and robustness levels, where appropriate through 3rd party audits
• Develop security-by-design solutions in the company, by enforcing security measures in software development, integration and deployment processes
• Perform security analyses / threat modelling
• Monitor vulnerability reports, dispatch alerts and follow up fixes
• Be a leading expert on state-of-the-art in security standards, keep abreast of anticipation projects and competing technologies
Skills:
Improve the process and update the tooling for handling security alerts for vulnerabilities
Investigate and implement tooling in the CI/CD chains to enforce and verify K8S and cloud security policies
Improve authentication and access control to the information system (fully enforced password policy, Identity Provider deployment, digital vault for credentials …)
Improve the security of users’ PCs and the infrastructure (more hardening of OS server, more firewalling, more encryption, etc.)
Improve IT&S updating (centralized management of third-party software updates, monitoring, obsolescence management, etc.)
Improve the centralisation of logging of the entire information system
Study and set up a Security Operation Center for a VO service platform
Define and carry out training and awareness sessions on cyber security
Areas of expertise
• Ability to deploy our security policies across our on-premises and cloud-based IT infrastructures.
• Hands-on experience with defensive & offensive security approaches, penetration testing etc.
• Good technical knowledge in IT infrastructure design
• Experience with cloud and orchestration technologies
Transversal and personal skills
• Proficiency in English
• Hands-on, proven ability to deliver
• Autonomous worker, willing to take ownership and lead
• Enjoy continuous learning about new technologies
• Strong collaboration & communication skills
Complementary skills valued
• Experience with security standards (in particular ISO 27k) and proper certifications
• Familiarity with SAFeAgile framework incl. DevSecOps
• Experience with content protection technologies
Transversal and personal skills
• Ability to articulate security issues to technical (e.g. auditors, customers etc.) and non-technical audiences
• Ability to work in a multi-national organization with remote teams