Security Analyst (Remote)
  • Ukraine
  • Luxoft Ukraine
1 year ago
31.01.2024
Protect and Defend
Cyber Defense Analysis
Job Description

Project Description

One of the world's largest providers of products and services to the energy industry needs to develop and support a cloud-based enterprise information system in the Oil & Gas domain.

Our project is stable, long-term and constantly adopts new technologies.

The DevOps practice is tasked with the development, provisioning, operations, and performance of a global, multi-region, multi-cloud software-as-a-service and developer integration platform.

The work involves close cooperation with the customer team located in Houston and follows Agile principles.

Our team is senior, supportive and friendly.

In this role, candidates will operate independently and as part of a team to ensure that all software, hardware, and related components are protected from cyber attacks. Duties will include developing security systems, analysing current systems for vulnerabilities, and handling any and all cyber attacks in an efficient and effective manner. Candidates should have strong IT skills and a deep understanding of cyber attack methodology, including but not limited to Fortify SCA scans, WebInspect scans, RAF development, and overall security policy development and deployment.

Responsibilities

Validate the fixes performed by developers in Fortify for vulnerabilities
Follow up with Developer on open vulnerabilities
Share reports of open, closed vulnerabilities
Develop unique, effective security strategies for software systems, networks, and cloud provider
Safeguards information system assets by identifying and solving potential and actual security problems
Protects system by defining access privileges, control structures, and resources
Recognizes problems by identifying abnormalities; reporting violations
Implements security improvements by assessing current situation; evaluating trends; anticipating requirements
Determines security violations and inefficiencies by conducting periodic audits
Upgrades system by implementing and maintaining security controls
Maintains quality service by following organization standards
Contributes to team effort by accomplishing related results as needed

Skills

Must have

Thorough knowledge of Fortify and SAST scans, with hands-on experience
Thorough knowledge of WebInspect and DAST scans, with hands-on experience
Software Composition Analysis (SCA): hands-on experience with X-Ray scans
Application development skills (programming languages: Python, Java, C#, Angular)
Solid practical experience in application risk assessment
Application risk management experience (Understanding of the Risk Acknowledgement Form (RAF) approach)
AWS cloud services administration
Internal documentation creation experience
On-call security incident troubleshooting
Process improvement
Problem solving
Excellent communication skills

Nice to have

AWS cloud services practical experience and certification
Fortify SCA certification (Cybersecurity Maturity Model Certification (CMMC))
CISSP, CISM, OSCP, CEH certifications
Kubernetes deployment and maintenance hands-on experience
Automation: Terraform
Good knowledge of Microsoft Active Directory services
Firewall and security group administration practical experience
Good understanding of AICPA SOC2 controls and processes
Thorough knowledge of network security and protocols
Knowledge of cryptography protocols and hands-on experience in SSL certificate generation
Hands-on penetration testing experience in Azure and AWS cloud environments and Kubernetes clusters
Hands-on penetration testing experience with web and desktop applications

Languages

English: B2 Upper Intermediate
Required Knowledge
  • K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats and vulnerabilities.
  • K0065   Knowledge of policy-based and risk adaptive access controls.
  • K0167   Knowledge of system administration, network, and operating system hardening techniques.
  • K0168   Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures.
  • K0297   Knowledge of countermeasure design for identified security risks.
  • K0624   Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list).

Required Skills
  • S0027   Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • S0147   Skill in assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
  • S0367   Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Required Abilities
  • A0123   Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).