Security Expert

Are you a talented and passionate Infrastructure and Security Expert?

• Would you like to be part of a team that develops new products for a fin-tech company, specialized in attractive, secure and cost-effective payment solutions?
• Would you like to help establish the company from scratch, by setting up and finding out the needed legal regulations and standards?

Then we like YOU to join our dynamic PaySociety team.

Responsibilities

Focus is on three functional areas;

1. Information Security Engineering, Design and Implementation support;
2. Information Security Operations and Operational Support;
3. Continuity of Operations and Disaster Recovery (COOP/DR) development and support.

a: Security Engineering, Design, and Implementation Tasks include but are not limited to:

• Assess the effectiveness of the existing cyber security program, including identification of the strengths and weaknesses of the infrastructure/network installation, applications and application services, critical utilities, and implemented communication technologies;
• Analyze and evaluate network, subsystems, components, controls and security criteria for vulnerabilities and weaknesses;
• Define and manage a security infrastructure roadmap in collaboration with the customer's networks and security organizations;
• Lead and support as necessary, projects that implement next generation access and security infrastructure components;
• Provide technical design, implementation planning, testing and troubleshooting expertise for security infrastructure components;
• Investigate and utilize new technologies, tools and techniques to enhance security capabilities and performance;
• Recommend countermeasures, security techniques, tools and vendor products to mitigate security vulnerabilities and strengthen the overall security posture.

b: Operations and Operational Tasks include but are not limited to:

• Monitor and manage the overall security posture using appropriate tools and technologies;
• Identify necessary Incident Response actions needed to mitigate threats, steps needed to restore services, and appropriate Security Event and Incident Management (SEIM) tools;
• Perform security monitoring, data/log and forensic analysis, to proactively detect security incidents and threats;
• Plan for and perform periodic security audits to validate that the security posture satisfies IS and facility security requirements;
• Develop Standard Operating Procedures (SOPs) for the monitoring and management of the overall IS and facility security posture;
• Use best practices and standards recommended by NIST and the DoD, to include Security Technical Implementation Guides (STIGs), and Vendor/Manufacturer recommendations;
• Implement and document risk assessments to include continual processes and procedures.

c: Continuity of Operations and Disaster Recovery (COOP/DR) Tasks include but are not limited to:

• Develop specific Contingency Plans (CPs) that define and describe actions that must be taken to protect network assets from damage in the event of a disaster or emergency;
• Develop a basic recovery strategy, including specifications for recovery procedures by system/subsystem/component/ priority;
• Identify recovery priorities, and define specific responsibilities for various organizational elements;
• Identify facilities and resources that can be used to provide COOP/DR short term and long-term support;
• Coordinate with the customer and the Operations Group to periodically test the COOP/DR processes and procedures;
• Update various documents and SOPs with lessons learned from the tests.

Qualifications

Required Skills/Activities:

• Maintain close technical involvement with all contributing development and customer organizations;
• Define and recommend security requirements;
• Design and implement security solutions to include necessary hardware, software, and SOPs;
• Assist in security technical design reviews;
• Support updates to security documentation.
• Plan and conduct Security Test and Evaluations (ST&E) to ensure compliance with customer requirements;
• Perform risk analysis and develop risk mitigation strategies;
• Brief management and employees as often as necessary;
• Security engineering, requirements development, analysis, and validation;
• Understanding of physical and facility security, to include Access Controls, Duress Systems, Mass Notification Systems, and IP CCTV.

Ideal Skills:

• CISSP certification or equivalent Experience in DoD Information Assurance, Cyber Security, and Information Technology project management;
• Extensive knowledge and understanding of current DoD Information Assurance strategies, risk management, governance structure and policies;
• Hands-on working knowledge of network devices such as routers and switches, enterprise systems, such as Active Directory, Windows Servers, VPNs, Remote Access, Multifactor Authentication, Virtualization;
• Must have knowledge and understanding of cloud-based platforms, hosting and the various options available.

Qualifications include:

• Bachelor's degree in a technical or analytical discipline;
• 12+ years IS and Cyber Security experience;
• Security Plus (Sec+) or equivalent certifications;
• Excellent written and verbal communication skills in English;
• Able to interact and communicate with customers, engineering staff, and management;
• Proven experience with network security components such as Firewalls, Intrusion Detection and Protection (IDS/IPS) systems and tools;
• Proven experience working in or supporting an SEIM environment, with appropriate monitoring and management systems, software, appliances, and tools;
• Wiliness to travel to support Operating Companies in different countries and customer requirements.
• Capability to work with people in different time zones.
• Be able to work in a multi-disciplinary and multi-jurisdictional environment
• Be a self-starter