Posted on Dec 25, 2020 by Stamford Consultants AG
Position (job title): Security Specialist
Unit: Corporate Security, Governance and Assurance
Location: Basel, remote work possible from Switzerland
Duration: ASAP - 31 March 2021 (End of Fiscal Year), extension possible
Purpose of the role
- Support the G&A team with change approval, design reviews and risk assessments, contribute to the operations of information security processes, technology, and capabilities
- Ensure security by design by providing security recommendations in alignment with standards
- Contribute to the bank's cyber protection and cyber resiliency requirements in the areas of asset and vulnerability management, risk management, awareness and training, baseline security configuration, 2nd line monitoring, and data protection
- Support and liaise with the IT, cyber security and security engineering teams in realisation of detective and response capabilities
Provide expert advice and operational experience on information security risk and control matters throughout the organisation. This includes:
- Assist with the coordination of the operations of vulnerability testing, including follow-up.
- Assist with application security program and support software developers in embedding security into the development life cycle. Support the maturing of the penetration testing strategy and support in scoping and engagement with third parties
- Review and advise on the security measures to protect the confidentiality, integrity and availability of the Bank's information assets and critical services. Contribute to reviews of the assessment methodology
- Contribute to the implementation of industry-recognised key critical controls and contribute to Corporate Security compliance mandate
- Support the team on technical security projects to develop and enhance the BIS security policies and procedures. Participate in the gathering and analysis of information from security-related sources
- Support the team with the change management review and approval process
Skills and qualifications
- Strong understanding of IT infrastructure and application architecture, including cloud technologies (Microsoft Azure)
- Familiar with industry-recognised key critical controls (eg CIS, OWASP, SANS, etc)
- Demonstrated security skills in the area of application security, penetration testing and cloud technology
- Risk Assessments and writing security documents such as policies and security standards
- Knowledge of security benchmarks such as CIS, STIG, NIST
- Strong analytical and documentation skills
- Good understanding of mobile related technologies, virtualisation, containers, as well as cloud security
- Experience with documenting and communicating results that may be consumed by both developers and management-level audiences
- Strong analytical capabilities and data-analysis skills
- Team player but technically autonomous
- Certification in security-related disciplines and technologies would be an advantage (accreditation such as CISSP or CISA).
- Fluency in English
- Experience with some of the following:
- Next Generation Firewalls
- Automation: Python/Powershell
- TFS, SharePoint, DevOps
- Exploit frameworks
- Vulnerability scanners
- Azure Security Centre
TEKsystems, an Allegis Group company. Allegis Group AG, Basel, Switzerland. Registration No. CHE-101.865.121. TEKsystems is a company within the Allegis Group network of companies (collectively referred to as "Allegis Group"). Aerotek, Aston Carter, EASi, TEKsystems, Stamford Consultants and The Stamford Group are Allegis Group brands. If you apply, your personal data will be processed as described in the Allegis Group Online Privacy Notice available on the website.
To access our Online Privacy Notice, which explains what information we may collect, use, share, and store about you, and describes your rights and choices about this, please go to the website.
We are part of a global network of companies and as a result, the personal data you provide will be shared within Allegis Group and transferred and processed outside the UK, Switzerland and European Economic Area subject to the protections described in the Allegis Group Online Privacy Notice. We store personal data in the UK, EEA, Switzerland and the USA. If you would like to exercise your privacy rights, please visit the "Contacting Us" section of our Online Privacy Notice on the website for details on how to contact us. To protect your privacy and security, we may take steps to verify your identity, such as a password and user ID if there is an account associated with your request, or identifying information such as your address or date of birth, before proceeding with your request. If you are resident in the UK, EEA or Switzerland, we will process any access request you make in accordance with our commitments under the UK Data Protection Act, EU-U.S. Privacy Shield or the Swiss-U.S. Privacy Shield.