Project Description

• Leading initiatives in the area of system security (vulnerability and compliance checks, system hardening tests, vulnerability notifications, result verification, monitoring and reporting of open findings).
• Providing expert consultations and support to IT teams in understanding vulnerabilities and their remediation.
• Designing and implementing procedures for remediation of vulnerabilities and critical audit findings, including monitoring of corrective actions.
• Performing daily operational tasks in security management in line with policies and best practices.
• Creating security guidelines, processes, procedures, and baseline configurations in compliance with internal rules and international standards.
• Conducting security risk analyses of architecture and proposing mitigations for identified risks.
• Expertise in public and hybrid cloud environments and related risks.
• Developing knowledge in the area of Cloud Native Application Protection Platform (CNAPP) and compliance scanning.
• Collaboration takes place in a hybrid mode (2–3 days onsite).

Project Requirements

• At least 5 years of experience in IT Security, IT Risk, and Compliance Management, of which at least 2 years in a multicloud environment.
• Advanced experience:
  • Excellent knowledge of infrastructure, platform, and application security principles (network infrastructure, OS, databases, middleware, web applications, endpoint hardening).
  • Proven experience with vulnerability management tools (e.g., CrowdStrike Falcon Exposure Management, Rapid7).
  • Ability to recommend adequate security measures to ensure confidentiality, integrity, and availability of systems, including regulatory requirements.
  • Communication in English (B2 level or higher) – international team, all documentation in English.
• Advantage:
  • Professional security certification (CISSP, CCSP, CISM, CompTIA+) or motivation to obtain one within 1–2 years.
  • Knowledge of ITIL and preferably ITIL certification.
  • Experience with system security tools and CNAPP solutions (Aquasec, Rapid7, CrowdStrike, etc.).

‍