Ethical Hacking Technical Analyst

Brussel  ‐ Onsite
This project has been archived and is not accepting more applications.
Browse open projects on our job board.

Description

Ethical Hacking Technical Analyst

The Global Security department supports IT and Business Units to develop adequate solutions in Information Security and Risk Management practices.

The mission of GS is:

  • to enable sound and formal information security risk decision making by management, and
  • to help management with implementing a proper information security management system.

Consequently, the mission of the GS Technical Security Services team consists in providing information and support to Business in the domain of Technical Security implementing proactive and reactive controls, which help to reduce their risk exposure to external and internal security threats.
One of the main activities executed is Vulnerability Management that ensures that the risk of a security breach originating from a vulnerability on infrastructure or application level is strictly controlled.

A Comprehensive Vulnerability Management Capability is supported by:

  • Ethical Hacking' activity which require the security experts to mimic the same actions as a malicious hacker would, yet within a controlled methodology;
  • Security Watch' activity which pro-actively looks for vulnerabilities impacting the IT infrastructure and maintains thriving internal community that communicates openly about security issues.

To support these activities, we are looking for an Information Security Technical Advisor.

Role:
As Information Security Technical Advisor you will carry the following responsibilities:
Ethical Hacking:
Analysis:

  • Analyze known attacks against financial services industry and contextualize;
  • Leverage and build up understanding of relevant IOC's (Indicator of Compromise) using an established threat intelligence foundations;
  • Identify weakness during different L-CSIRT qualification processes (security alerts, vulnerabilities) or incident handling;
  • Validate existing security controls and reaction plans;
  • Disseminate relevant information to internal stakeholders.

Testing:

  • Organize standard external and internal penetration tests to identify vulnerabilities and attack vectors that can be used to exploit enterprise systems successfully.
  • Organize advanced penetration tests to simulate real-world attacks against a company, challenging its defenses against electronic, social and physical exploits. These tests would identify gaps in security processes and controls that are not visible from executing standard penetration tests.

Remediation:

  • Analyze results and advise on measures to control vulnerable areas.
  • Follow-up with technical teams on remediation of identified security gaps.

Security Watch:

  • Intelligence source inventory: Leverages publicly available information to be informed of vulnerabilities on a defined set of IT assets.
  • Alert Qualification and exchange with internal and external stakeholders.

Education:
Bachelor/Master or equivalent by experience

Languages Requirement:
French and/or Dutch: Preferable
English: Fluent

Required knowledge/Experience:

3-5 years of experience in information security

Technical Experience:
Mandatory:

  • Good understanding of IT security technology and processes (secure networking, web infrastructure, WinTEL, UNIX, Mainframe, ATM, etc.);
  • Security Incident Management;

Preferable:

  • Certified Information Systems Security Professional CISSP;
  • Web Application Security Development. (OWASP);
  • Penetration Tester.

Business Experience:
Mandatory:

  • Experience in working in cross-functional departments and teams.
  • Practical exposure to process management.

Preferable:

  • Knowledge of Information Security (preferably based on ISO standards);
  • Experience within the Banking and Finance Industry.

Soft skills:

  • Team player
  • Quick self-starter, pro-active attitude
  • Good Communication and Influencing skills
  • Good analytical and synthesis skills
  • Autonomy, commitment and perseverance
  • Ability to work in a dynamic and multi-cultural environment
Start date
ASAP
Duration
6 months
From
Base 3 Systems S.A.
Published at
14.10.2015
Project ID:
1000655
Contract type
Freelance
To apply to this project you must log in.
Register