- 17 april 2018
- vacaturenummer: 9051297
The Technical Leader, Information Security is primarily responsible for all ongoing activities related to analyzing and documenting security vulnerabilities in operating system software, program products and application software that involves all business lines.
He/She will provide technical experience and expertise for clients environment related security issues and will aid in the development of security guidance in compliance with security policies and procedures, regulations and law.
Responsibilities and Duties:
Establish and satisfy highly challenging and complex system-wide software information system security (ISS) requirements based upon the analysis of user, operational, policy, regulatory, and resource demands. Apply expertise to systems and networks requiring specialized software security features and procedures. Support the development, implementation, and operation of ISS-enabling technologies, processes, and procedures.
The Technical Lead, Information Security will be responsible for the following activities and functions:
- Collect and understand security guidelines, processes, policies (Audit and security), rules and regulations from the enterprise security group and the production and infrastructure groups supporting the subsystem.
- Analyze and identify how these enterprise/infrastructure guidelines apply to this environment and provide missing pieces of the security puzzle. Articulate the enterprise level security criteria in application, system and network level to the sub-system technical team comprised of system engineers, developers, system administrators etc.
- Work with Corporate Security and Regional Security teams to develop and maintain a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers.
- Ensure that a complete, accurate and valid inventory of all systems, infrastructure and applications is conducted that should be logged by the security information and event management (SIEM) or log management tool.
- Review and assess security and infrastructure logs for indicators of compromise (IOCs) or other anomalous behavior within networks, applications or user profiles.
- Conduct vulnerability assessments and other security reviews of systems, and prioritize remediation based on the risk profile of the asset and guidance from Corporate Security and other executive management.
- Conduct security assessments of internal systems, applications and IT infrastructure as part of the overall risk management practice of the organization.
- With guidance from Corporate and Regiona Security, or the individual responsible for overall security direction, and in conjunction with Security Operations colleagues, establish procedures — including escalations — for when Indicators Of Compromises (IOCs) are discovered.
- Coördinate with the privacy officer to document data flows of sensitive information within the organization (e.g., PII or ePHI) and recommend controls to ensure this data is adequately secured (e.g., encryption, tokenization, etc.).
- Validate and maintain security configurations and access to security infrastructure tools, including firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), anti-malware/endpoint protection systems, etc.
The following minimum skills are required:
- Minimum 6-8 years of technical experience in the software security aspects of multiple computer platforms, operating systems, software products, network protocols and system architecture.
- Security Certifications such as CISSP, CISM, CISA, Security+, CCNA preferred.
- Excellent in English.
- Bachelors Degree preferred but associates degree, military experience, or equivalent job experience will be considered with certifications.
- Knowledge to assist through the perform penetration assessment, threat models, security code reviews, network penetration tests, host reviews and integrate security testing methodologies.
- Development of security procedures and standards that aligned with corporate objectives
- Experience with application security testing tools such as Nexpose, Crowdstrike, Sophos,
- Direct, hands-on experience managing security infrastructure such as firewalls, IPSs, WAFs, endpoint protection, SIEM and log management technology
- Knowledge of database environments like Oracle, MS SQL and DB2, a plus
- Knowledge of the OWASP Methodology
- Mastery of security architecture methodologies, Industry best practices and generally accepted information security principles.
- Experience and familiarity with PKI, Digital Certificates, SSL, MD-5, IPSEC
- Experience in using tools, techniques and technologies for securing large infrastructures, including intrusion prevention and virus detection, firewalls, DMZs, TCP/IP, cryptography, SSL, and LDAP.
Een jaarcontract bij Yacht waarbij je na dat jaar in dienst treedt bij de klant.
Het gaat om een fulltime aanstelling op basis van 40 uur. Uiteraard krijg je mooie marktconforme arbeidsvoorwaarden geboden.
Het betreft een internationaal bedrijf met vestigingen over de hele wereld dat gespecialiseerd is in las oplossingen.
Voor meer informatie neem je contact op met Marike Schuring-Peeters via telefoonnummer 06-20695261
Werken voor Yacht
Yacht is dé organisatie van en voor professionals. Wij verbinden professionals en organisaties die het verschil willen maken. Ons doel is optimaal resultaat: jou als professional uitdagend werk bieden waarmee jij de organisaties van onze opdrachtgevers blijvend verbetert. Behoor jij tot de beste professionals in jouw vak? Wil je samen met vakgenoten het verschil maken bij toonaangevende organisaties? Dan willen we jou graag leren kennen.
Uiteraard staat deze vacature open voor zowel mannen als vrouwen.
Deze vacature wordt via YACHT aangeboden. Het solliciteren en verdere contact verloopt via YACHT.