(Senior) InfoSec Engineer Project Advisory

Our client is a trailblazing pioneer in the Tobacco Manufacturing Industry. What sets them apart is their unwavering commitment to innovation and progress. They have embarked on a remarkable journey of transformation, with a resolute aim to create a smoke-free future. This ambitious endeavour has completely redefined every aspect of their business, from the production and distribution of their products, to how they interact with their customers and society as a whole.

By embracing this transformation, our client is leading from the front, with their pioneering vision and steadfast determination to create a smoke-free future.

With a workforce of more than 75,000 talented individuals worldwide across 180 countries, they have truly established themselves as a global leader in the industry. 

Responsibilities:

• Be a trusted partner for IT teams in ensuring that systems used across the Company are designed, implemented and operated in a secure manner
• Support IT teams in understanding applicable internal and external information security requirements and effectively embedding them in the deployment of new systems or evolutions of existing systems
• Advise on technologies, techniques and configurations which should be in place to ensure an adequate level of system security and data protection in line with those requirements
• Identify cybersecurity gaps in systems using a wide variety of methods, including architecture reviews, threat modeling, configuration assessments, and various forms of security testing
• Describe identified issues in the form of reports and ensure that relevant partners understand the risk that those vulnerabilities pose to the Company
• Advise IT teams on how to replicate identified issues and remediate them in the most effective and cost-efficient way
• Keep up to date with the constantly evolving cyber threat landscape and the latest developments in application security and IT risk management

Requirements:

• Minimum 4 years of experience in cybersecurity, preferably focused on application security or IT audit
• Industry-recognized information security certifications, e.g. CISA, CISSP, CISM
• Proven track record in conducting technical security assessments, vulnerability assessments and configuration reviews
• Demonstrated experience in effectively translating and communicating security and technology risk implications across technical and non-technical stakeholders
• Demonstrated experience in understanding and articulating the impact of vulnerabilities on existing and future designs, and how easy or difficult it will be to exploit these vulnerabilities
• Strong understanding of modern application architectures including microservices, containers, APIs, serverless technologies and cloud environment (AWS, Azure)
• Knowledge of basic identity and access management concepts (e.g. single-sign on, identity federation) and standards (e.g. SAML, OAuth 2.0, OpenID)