Information Security Consultant
Романија (Општина Центар) IT development
Job description
· Work with clients to review security requirements and assess the security posture to identify gaps or improvements
· Consulting on and conception of solution modules for the secure design of applications, products and solutions of Accenture clients worldwide
· Participates in designated projects, developments or business initiatives, advising on information security risks
· Play an active role in developing security technical architecture design which supports a robust technology solution, taking into account the client business priorities, technical requirements and client specific security requirements
· Translate business processes in technical requirements and implementation
· Research and development in the field of IT security, including the topics of secure architectures, web security, cloud computing security and IoT
· Supports the development and implementation of the Data Protection Policy (including GDPR)
· Perform design and implementation security reviews
· Design and implement technical solutions to harden our clients' platform
Desired profile
Qualifications :
Basic qualifications:
· Successfully completed university studies in the field of computer science or engineering, preferably with a focus on IT security, cyber security or information security
· 3+ years of working experience in at least two of the following areas: Security Monitoring Implementation and Support, including Incident response (SIEM – ArcSight, Splunk, DLP etc.), Cyber Security (Enterprise Penetration Testing, Adversary Hunting, IoT/Embedded Security etc.), Infrastructure Security (IPS/IDS, NextGen Firewalls, VPN technologies, AntiSpam, Proxy,etc.), Identity and Access Management (Oracle Identity Management, Sailpoint IdentityIQ, Forgerock, Oracle Access Management, RSA etc.), Application Security (Data security & privacy, APIs Security, SSDLC, Threat modeling etc.)
· Sound knowledge and pronounced interest in IT security
· Experience in implementing security controls to improve system/platform overall security
· Current understanding of Industry trends and emerging threats
· Knowledge in security standards and regulations: NIST, ISO, PCI DSS, GDPR, PSD2
· Ability to work independently and pro-actively contribute in a global team environment
· Excellent interpersonal, organizational, documentation, and communication skills; able to concisely communicate security risks to both technical and business audiences
· Presentation skills with a high degree of comfort delivering presentations to both large and small audiences
· Understanding of applications, server, and network security and compliance requirements (including operational requirements needed to be GDPR compliant)
· Knowledge and experience with identifying and understanding the most common application security vulnerabilities (OWASP Top 10)
· Fluency in English
· Travel availability
Nice to have:
· Previous technical background in:
- Web application development/ architecture or related fields
- JAVA, .NET, PHP, Ruby, Perl, Python and/or C/C++ experience
· Industry certification from vendors: ISC2, ISACA, GIAC, EC-Council, CompTIA, ITIL, Comptia Security +
· Knowledge in Risk and Compliance Management, Operational Models, Business Continuity Plan, Disaster Recovery Plan
· Solid understanding of network services, vulnerabilities, and attacks
· Knowledge of SIEM tools / Log Analysis
· Experience in security assessment for enterprise products using different tools, manual penetration testing methods and code review
· Experience in risk assessments in connection with GDPR requirements, including data security, security breach notifications, privacy by design and fair processing
· Understanding of emerging IoT/Mobile technologies and communications protocols
· Experience developing IoT solutions by getting hands one experience with devices and code
· Hands-on experience with IT security in the cloud environment as an architect, in development and/or operation, especially AWS and Microsoft Azure
· Previous experience in adjacent areas such as, Security Operations Center, Network Operations Center, System Administrator, Platform/Tool Support Engineer, IT Helpdesk support