网络安全工程师
2.5-4.5万西安市本科不限经验
职位描述
The Threat and Controls Assessment Senior Analyst role will work as part of a global team to perform Threat Modelling
This role will report into the Threats and Controls Assessment Regional Lead, closely collaborating with peers across Penetration Testing; Secure Development, Third Party Security Assessment and Cybersecurity business and regional leads, enabling effective end-to-end vulnerability identification.
Key Responsibilities:
Perform effective threat and control assessments of services within our internal, external and cloud estate.
Liaise with Developers, Architects and other Technical Leads to understand the end to end service and identify where there are any control gaps.
Understand the Business requirements, evaluate potential products / solutions and provide technical recommendations.
Be "hands on" with technology and contribute to the design, development and the support of projects with security recommendations.
Identify threats across the IT estate; including applications, databases, network and other infrastructure components.
Engage with other Cybersecurity teams, senior management and members of the Business when confronted with potential security issues.
Stay up to date with industry new trends and best practices.
What you will bring to the role
To be successful in this role you should have proven experience within the Technology sector with knowledge of the following skills:
Mindset
An inquisitive approach, always asking how to achieve goals in a smarter and more effective way
Positive and professional attitude, team player, flexible and adaptable, embraces change
Good Risk and Controls understanding
Knowledge and exposure of Risk and Control Management
Ability to understand and assess both threats, controls and vulnerabilities, articulating these to both technical and business stakeholders
Desirable to have one or more industry-recognised cybersecurity-related certifications such as CISSP or Cloud Security Certifications
Strong Technical background
Proven experience in general security concepts and principles
Hands on experience with threat modelling and strong technical understanding and experience of assessing vulnerabilities and identifying weaknesses in diverse enterprise IT assets
Strong understanding of applications design and architecture
Knowledge and experience with network, host and application security practices
Knowledge and understanding of one or more of the Cloud Service Providers – AWS, GCP or Azure
Understanding of Software Development Life Cycle (SDLC) with a focus on security
Experience in continuous improvement and process optimisation.
Understanding of emerging technologies and corresponding security threats
Strong stakeholder management and communications skills
Experience of working in international and diverse environments
Experience in engaging with business, technology, regional and regulatory stakeholders
Ability to communicate to key stakeholders – effectively translating technical gaps into business risk
Ability to complete tasks independently to a high quality standard
Self-motivated individual with strong analytical and problem solving skills
Experience within fast-moving, complex and demanding corporate environments and able to provide appropriate direction to the team whilst dealing with ambiguity and change
Interpersonal Skills
Influential, credible and persuasive, active listener, Values, shows good judgement and demonstrates high level of communication skills in order to achieve effective stakeholder management
Some travel may be required.
20,861+ 岗位更新等你来订阅
一键订阅最新的岗位,每周送达
🎉恭喜你,订阅成功
继续订阅您可以在邮箱中随时取消订阅