Cyber Security Analyst
Posted on Mar 27, 2021 by Base 3
Required Technical and Professional Expertise
- Proven experience in security risk assessments, development of functional security requirements, process design and management reporting.
- Familiarity with industry best practices in key security domains like: risk assessments, identity and access management, PKI, network security, secure application development, data protection.
- Application security knowledge with a good understanding of software development and testing, OWASP (Open Web Application Security Project) guidelines, code scanning tools, security and compliance automation using a CI/CD pipeline.
- Knowledge of and experience with security technologies including IDAAS (Identity as a service) and identity management platforms, Secure access management and federation services, PKI and cryptographic solutions, web application Firewalls, endpoint security
- Knowledge of and experience with security technologies covering domains Virtualisation, Software Defined Networks, Cloud IAAS/PAAS/SAAS, Network and DMZ infrastructure, VOIP, Wifi, 802.1x, Anti-malware, System protection, Middleware, Collaboration and end-user workspace solutions, Storage (SAN, NAS), Databases, infrastructure automation services (Infrastructure as a code)
- Preferred professional certifications are CISSP, GIAC, SABSA, ISO 27001 LA/LI. Specific Security related Product certifications are considered an asset.
- Define and advise on the design, implementation and test processes necessary to protect information system assets.
- Perform risk assessments and translate the security architecture and high-level policies and controls towards security requirements (secure by design) for business and IT projects.
- Contribute to the architectural design and validate it against the security requirements
- Define security testing requirements and penetration test scope, actively support the testing teams to perform these tests and approve the test reports.
- Define, implement and ensure the proper functioning of security trust services in line with IT security policies.
- Recommend and advise on new or improved security services towards the division management.