Our client is currently looking forward to strengthening the IT Security team by hiring a Senior Security Audit and Control Engineer. Our client is a mid-size company (800 employees) active in research and engineering and based in Luxembourg.
As part of the Security Information Service and under the supervision of the Head of Information Security, you will define, implement and follow the various necessary steps required for security compliance of the management system. You will be required to propose, create and follow security indicators which translate an adapted and pertinent level of security.
You will manage the technical audit missions (internal/external pen tests, configurations, hardening) of the information systems. Consequently, you will analyze the risks, deviations and malfunctions, as well as make proposals for improvements or correctives actions to put in place.
Your mission also includes active participation in the implementation and maintenance of the Business Continuity Plan.
- Continuous analysis of security indicator needs and security controls
- Assessment and analysis of information security risks and threats
- Define and implement relevant KPI and dashboard
- Participation in security technical audits
- Definition of Action plans in cooperation with the different actors involved
- Active contribution to the Business Continuity Plan project
- Ensuring the collection of appropriate data to evaluate security, including the KPI updates
- Implementing remediation action plan
- Contribution to the implementation and review of security documentation
- Contribution to the definition and control of the management of access rights
- Active contribution to the continuous improvement of the company Information Security management system life cycle
- Providing knowledge and expertise on Information Security to all staff members
You hold an engineer degree or master specialized in security/cybersecurity in IT, with a minimum of 5 years of experience in the field of Information systems.
For this role it’s important you have a very good knowledge of:
- Audit methodologies of security management systems (ISO27K)
- Continuity management methodologies (ISO22301)
- Security risks management and methodologies
- Access and identity tools and methodologies
- Good overall knowledge of IS, IT components of IS architectures and security in the area of software development lifecycle (web and database security) and IT technical areas
- Certification: ISO27002, CISA or CEH is considered as an asset
- Network architecture and protocols TCP/IP, IPV6, WiFi, mobile telephony, ToIP, DNSSec, SD-WAN
- Authentication servers AD, ADFS, LDAPS, radius, MFA
- Office 365 security: CASB, AIP, etc.
- Operating systems (VMWare, Windows 10, Windows Server, Linux, Ubuntu, CentOS, Mac OS)
- Containers (docker, kubernetes, etc.)
- System scripting language (Powershell is an asset, bash, python, etc.)
- Databases (Oracle is an asset, MySQL, SQL)
Additionally, we expect that you have a good knowledge in domains, tools or technical aspects such as:
- Security software and materials related to web, Cloud and mobile resources like:
- Firewalls, NDR, WAF, IDS, IPS, NAC, DLP
- Switches, DNS
- CASB and security gateways for email and web accessEDR, antivirus, antispam
- Encryption solutions
Ideally you also have a proven experience in:
- SIEM solutions – Splunk is an asset
- Security, scanning and vulnerability detection tools for IT infrastructures or web applications components
- Monitoring, supervision and measuring tools and methodologies of SI
- Log collection and event analysis
- Communication protocols: http, https, ssl, ftp, ssh, VPNs, etc.
For more information please feel free to contact Nicolas Hurlin by phone on +352 26 29 45 20.
THE RECRUITER is a recruitment and executive search company specialised in ICT – Telecoms – Digital – Cleantech – Services & Industry. THE RECRUITER empowers companies in their recruitment and HR projects, trusting that Human Factor, thanks to committed, motivated and implicated people, will bring success and added value in any business. THE RECRUITER defines its core values as: transparency, flexibility, professionalism and commitment. We apply these rules to any HR project we are in charge of.