Roles and responsibilities
We are looking for exceptional systems and software engineers who love to solve complex security problems fundamentally, from first principles. This is not your typical IR or analyst role; we spend a large percentage of our time on project work, balancing it with operational duties such as detection engineering and incident response. If you're ready to make a tangible impact and drive innovative security projects, apply now to join our global team and help shape the future of security at Almosafer.
Responsibilities:
- Build, deploy and maintain large scale security systems across our ecosystem.
- Research, innovate and improve our security capabilities through new and enhanced tooling.
- Develop smart automation strategies to reduce the need for manual alert triage.
- Conduct detection engineering to increase coverage, identifying malicious activities across Almosafer’s endpoints, infrastructure, networks, and cloud environments.
- Investigate alerts and potential incidents end-to-end, including digital forensics, malware analysis and threat intelligence as needed.
- Lead incident response efforts and respond to intrusion attempts and suspicious activities, collaborating with multiple Almosafer teams.
- Participate in red team exercises and threat simulations in order to identify gaps, improve competencies and expand the team’s knowledge.
Profile Requirements:
- Strong programming skills in Python and/or Go.
- Practical experience with BeyondCorp or ZeroTrust security models.
- Proven expertise in one or more detection and response related areas such as:
  - digital forensics (forensic artefacts, disk and cloud acquisition and analysis, forensic tooling, e.g. GRR, Timesketch)
  - malware analysis (static and dynamic analysis, using tools like IDA Pro and Ghidra)
  - incident management and response (coordinating large-scale or impactful security events with multiple stakeholders)
  - host/network intrusion detection (able to parse and understand large and often unfamiliar logs and systems)
  - network telemetry (understanding network flows, PCAPs and technologies like Zeek)
  - threat intelligence (having an understanding of how to model a threat actor and their TTPs)
  - threat hunting (knowing how to find suspicious activity or IOCs across data lakes)
- Understanding of operating system internals, with core competency in two or more of macOS, Windows and Linux, covering file and disk structures, forensic process, security controls, hardening, scripting and binary investigations.
- Advanced knowledge of cloud infrastructure, including the ability to build and deploy systems and investigate security events across two or more platforms such as Amazon Web Services, Kubernetes and Google Cloud Platform.
- Bachelor of Science in Computer Science, Engineering, Information Systems, or equivalent years of experience in a related technical field
- 3+ years of experience in the field of incident response, detection engineering or related security disciplines
Desired candidate profile
1. Cybersecurity Expertise
- Security Frameworks and Standards: Familiarity with common security frameworks and standards, such as NIST, ISO 27001, CIS Controls, and GDPR compliance.
- Threat Intelligence: Experience in identifying and mitigating evolving cyber threats, including malware, ransomware, phishing attacks, and DDoS (Distributed Denial of Service) attacks.
- Incident Response: Ability to lead and manage cybersecurity incidents, including investigation, containment, mitigation, and recovery processes.
- Vulnerability Management: Skilled in identifying, assessing, and mitigating vulnerabilities in systems, networks, and applications.
2. Network Security
- Firewall Management: Configuring, managing, and optimizing firewalls and other perimeter security devices to control traffic and prevent unauthorized access.
- Intrusion Detection and Prevention: Experience with intrusion detection/prevention systems (IDS/IPS) to monitor and respond to security events.
- VPN and Secure Remote Access: Expertise in designing and managing Virtual Private Networks (VPNs) and secure remote access solutions to ensure safe connections for remote workers.
3. Identity and Access Management (IAM)
- Authentication and Authorization: Implementing and managing secure authentication methods, including multi-factor authentication (MFA), Single Sign-On (SSO), and Role-Based Access Control (RBAC).
- Access Control: Managing user access to critical systems and data based on business needs and ensuring compliance with the principle of least privilege.
4. Data Protection and Encryption
- Data Encryption: Understanding and implementing data encryption techniques for data in transit and at rest to protect sensitive information.
- Backup and Disaster Recovery: Ensuring robust data backup and disaster recovery solutions are in place to protect against data loss and ensure business continuity.
5. Compliance and Risk Management
- Regulatory Compliance: Ensuring the organization’s IT security measures comply with industry regulations such as HIPAA, PCI-DSS, GDPR, and others.
- Risk Assessment: Conducting security risk assessments, identifying vulnerabilities, and implementing mitigations to reduce risk exposure.
- Audit and Reporting: Preparing regular security reports and audits to ensure compliance with security policies and standards.
6. Security Operations and Monitoring
- Security Monitoring: Setting up and managing security monitoring tools (e.g., SIEM systems) to detect anomalies, suspicious activity, and potential breaches.
- Security Event Analysis: Analyzing security events and logs to detect patterns, investigate incidents, and determine the root cause of security issues.
- Penetration Testing: Conducting or overseeing regular penetration tests to identify weaknesses in the organization’s infrastructure.
7. Cloud Security
- Cloud Platforms: Expertise in securing cloud environments (e.g., AWS, Azure, Google Cloud) and ensuring that cloud services comply with security standards.
- Cloud Access Security Brokers (CASBs): Implementing and managing CASBs to ensure secure cloud usage and prevent data breaches in cloud environments.
8. Security Tool Management
- Security Tools: Proficiency in security technologies, such as firewalls, anti-virus software, encryption tools, SIEM (Security Information and Event Management), and vulnerability scanners.
- Automation: Leveraging automation tools for vulnerability management, patching, and incident response to reduce manual effort and improve efficiency.