DevOps Information Security Engineer
Location: Novi Sad, Belgrade
PhoenixNAP, a CCBill integration partner, offers state-of-the-art data center solutions including security-focused cloud services, dedicated servers, disaster recovery and backup services, as well as colocation and network solutions. Our steadily expanding global footprint currently includes services in Phoenix, Ashburn, Chicago, Atlanta, Amsterdam, Belgrade, and Singapore.
As a global IaaS provider, we focus on leveraging the newest technologies, providing excellence of service, and continuously developing new solutions to support our clients’ needs. phoenixNAP is a Premier Service Provider in the VMware Cloud Provider Program and a Platinum Veeam Cloud & Service Provider partner. We are also a PCI-DSS validated service provider and our flagship facility is SOC Type 1 and SOC Type 2 audited.
The DevOps Information Security Engineer is responsible for providing technical expertise related to infrastructure and software security design, implementation, and support of a new product set for the company. He/she will contribute to automation-first DevOps teams to increase our efficiency and ability to scale and to reduce our time to market.
He/she will be responsible for researching and developing new tools and processes for overseeing internal and external vulnerability and penetration tests as well as maintaining a positive security and compliance posture for our products. The DevOps Information Security Engineer will interact with traditional information security teams to ensure the company maintains standards across the software and infrastructure of various product lines.
Key Job Responsibilities:
- Provide analytical and technical security recommendations to other team members, oversight boards, and clients. Identify requirements, based on needs or resulting from a security issue that puts the organization’s systems at risk.
- Perform network penetration, web application testing, source code reviews, threat analysis, wireless network assessments, and social engineering assessments.
- Meet with clients and management to help specify and negotiate application security requirements, review current policies and procedures for applicability, maintain system OS security patch levels, and ensure the safe transition of applications to production.
- Develop technology to automate security monitoring.
- Recommend effective security configurations and architecture to active members in technical work groups.
- Liaise with the Enterprise Architect, Network Engineering, and Enterprise Management Teams to effectively communicate and architect security solutions.
- Develop documentation to support ongoing security systems operations, maintenance, and specific problem resolution.
- Work and coordinate with traditional information security teams to share ideas with a goal of maintaining proper company-wide security standardization.
- Provide risk analysis for product features and architecture decisions.
Requirements:
- 3+ years’ experience working with information security issues affecting financial service organizations and/or cloud-based application service providers.
- Extensive experience in systems administration, security DevOps processes, system hardening, and patch management strategies.
- Experience with system automation frameworks (Puppet, Terraform) and CI/CD pipelines (Jenkins, GitLab CI/CD).
- Knowledge of cloud native technologies, key management solutions, and networking strategies.
- Specific security-related experience including data-at-rest encryption, certificate validation, IDS/IPS, firewalls, SIEM and log management, syslog analysis, HTTP and TCP/IP analysis, and vulnerability assessments including: cross-site scripting, SQL injection, cross-site request forgery, HTTP response splitting, the OWASP Top 10, and SANS Top 25.
- Bachelor’s degree in information security, information assurance, computer science, management information systems, computer information systems, or a related discipline.
- Possess at least one of the following professional designations (or one of similar stature):
  - Certified Information Systems Security Professional (CISSP).
  - Certified Information Security Manager (CISM).
  - Certified Information Systems Auditor (CISA).
  - Certified in the Governance of Enterprise Information Technology (CGEIT).
- Excellent verbal and written communication skills in English.
- Ability to communicate with and understand the needs of non-technical internal and external clients.
What we offer:
- A highly talented, professional, and friendly team.
- The ability to use cutting-edge technologies.
- Private health insurance.
- Introductory training.
- Possibility for personal and professional growth.
- Flexible working hours.
- Free soft drinks, fruit, tea, and coffee.
- Social activities and a very friendly working environment.
If you are interested in this position, please send a covering letter and CV in English!
Deadline for applications: 22.03.2020.