Вакансия Security Analyst

5 вакансий
Специализация: Business Analysis
Уровень: Senior
Опыт: 3 года
Уровень английского: Не важно
Город: Минск
Режим работы: Полный день
Размер компании: 9680

We are looking for Security Analyst to join our international Application security team and take leading roles in building of mature and protected solutions for leading telecommunication providers. The primary focus will be at security design and verification of Netcracker solutions in alignment with customer requirements, Netcracker best practices and industry security standards. Working with Netcracker solutions that process personal and other sensitive data in various functional domains like customer self-service portals, CRM, Service Fulfillment, telecom billing and Cloud solutions. A successful candidate will be involved into activities ranging from security design reviews and threat modelling to security hardening and security acceptance.

Responsibilities:

  • Analysis and documentation of security requirements for Netcracker software solutions
  • Performing security requirements, threat and vulnerability assessment of Netcracker solutions
  • Review of business scenarios against security risks and security requirements
  • Participate in design and engineering of security related controls within Netcracker solutions
  • Review of quality and coverage of implemented security controls within the solution
  • Design of access control within the solution
  • Preparation of security acceptance program, including: collection of information about the solution, defining of the security test cases, prioritization of SAST, DAST and manual pen test checks
  • Analysis of penetration testing and vulnerability assessment reports and prioritization of security vulnerabilities in the solution and 3rd party components accordingly to CVSS v3 and risk assessment methodologies.
  • Preparation of customer-facing security acceptance report
  • Development of security procedures and instructions
  • Analysis of solution’ data model, classification of data processed by solution accordingly to customer’ requirements and international standards
  • Development of data anonymization design
  • Adaptation and development of product and 3rd party components security hardening guidelines based on CIS benchmarks and vendor recommendations
  • Security documentation development and support
  • Participate in improvements of product and project security methodology
  • Sharing of security knowledge across the organization

Background and Skills:

  • 3+ years in the role of security or system analyst
  • Strong analytical background
  • Excellent verbal and written communication. Strong analytical skills and ability to dive into technical
  • Higher education in the area of IT, Engineering, Security or Mathematics
  • Great understanding of essential security concepts including: threat, vulnerability, risk, segregation of duties, need to know principle, CIA, access control policy, cryptography concepts and practical implementations
  • Detailed understanding of OAauth 2.0 protocol, OpenID standard and SAML standard
  • Practical experience with following specifications and protocols: REST API, SOAP, JSON, XML
  • Understanding and practical experience of RBAC and ABAC access control models
  • Deep knowledge of OWASP top-10 vulnerabilities and attacks
  • Good understanding of Linux and Docker security concepts and mechanisms
  • Good understanding of X.509 standard
  • Practical experience in threat modelling
  • Knowledge of security industry standards and laws including: GDPR, PCI-DSS, NIST 800, ISO 27000
  • Practical security engineers, IT, software development or quality assurance experience is a great advantage

We offer

  • Opportunities for career development
  • Professional growth in the international business environment
  • Medical insurance for employees
  • Friendly atmosphere, sports activities and corporate events
  • Salary will be discussed individually with the successful candidate
A49b819bed04074ce7d482104a92e020
Представитель компании
Вакансии компаний