Information Security Engineer

BDH Bilişim Destek Hizmetleri San. ve Tic. A.Ş.

·         Participate as a member of the Information Security team in developing and maintaining organization’s security strategies

·         Own the architecture and management of Information Security systems which include: Centralized Logging, Intrusion Detection, Application Vulnerability Scanning, Penetration Testing, SIEM and Encryption and Key Management

·         Support security analysts with event/alert investigation escalation

·         Attend and participate in after hours and weekend maintenance as necessary

·         Perform rule tuning/optimization for the following systems: Centralized Logging, IDS, Application Vulnerability Scanning, SIEM and Vulnerability Management

·         Perform risk assessments against existing controls and technologies as well as new functionalities and architectures

·         Act as a liaison to development teams to ensure that security is being adequately addressed during application development and deployment

·         Assist in third-party vendor management and oversight

·         Identify, create and maintain security-related documentation

·         Maintain ongoing knowledge of information security technologies

·         Attend and participate in staff, project and vendor meetings

·         Maintain and ensure confidentiality of company, client and employee data

·         Participate in Incident Response investigations as a member of the SIRT Team

·         3-5 years’ experience in Information Security or a security-related field

·         Strong demonstrated understanding of systems integration, web-based applications and n-tier technologies and architectures

·         Strong demonstrated knowledge of application testing methodologies and strategies

·         Experience with application design and development from business requirements analysis through day-to-day management

·         Ability to work with development teams and individual developers to achieve desired results within defined parameters

·         Good understanding of computer systems characteristics, features and integration capabilities

·         Demonstrated understanding of business requirements/drivers and ability to integrate into security initiatives and projects

·         Knowledge of ISO 27001, HIPAA, GLBA, and other information security rules and regulations

·         Knowledge of software development lifecycles and philosophies

·         Exceptional analytical and problem-solving abilities

·         Experience coordinating initiative efforts across geographically dispersed offices and project teams

·         Ability to set and manage priorities judiciously

·         Excellent communication and interpersonal skills

·         Expert attention to detail

·         Ability to produce clean, concise diagrams and documentation

·         CISSP Certification, or the willingness and ability to obtain within twelve months

·         GCIH, CERT-CSIH or similar industry-standard incident handling certification or willingness and ability to obtain within 12 months

·         Experience working within Agile framework and continuous delivery/integration

·         Proven experience with incident response and forensic investigation and analysis

·         Essential Job Functions:

o   Interact effectively with teammates, colleagues and customers

o   Comprehend and communicate complex concepts

o   Concentrate, analyze and resolve complex problems

o   Utilize technology (e.g. phone systems, computer hardware and software applications) to fulfill work requirements