✓ Бесплатное размещение до пяти вакансий на месяц

✓ Бесплатный доступ к базе резюме

✓ Быстрое закрытие вакансий линейного персонала

✓ Недорогие тарифы для крупных работодателей и агентств

Security analyst - вакансия 13814105

Netcracker Technology Corp.

Дата обновления: 01.07.2021

Город: Воронеж

Отрасль: Программисты, ИТ, телеком

Тип занятости: Не имеет значения

Текст вакансии:

Since 1993, Netcracker Technology has been developing and implementing unique IT solutions for more than 250 customers worldwide, mostly telecom providers. We create dozens of innovative products and lead the global market of BSS/OSS solutions ready to be used in the cloud environment. Our comprehensive portfolio of software solutions and professional services enables large-scale digital transformations, unlocking the cloud's opportunities, virtualization, and the changing mobile ecosystem. We are currently looking for а Security analysts to join our international Application security team and take leading roles in building of mature and protected solutions for leading telecommunication providers. The primary focus will be at security design and verification of Netcracker solutions in alignment with customer requirements, Netcracker best practices and industry security standards. Working with Netcracker solutions that process personal and other sensitive data in various functional domains like customer self-service portals, CRM, Service Fulfillment, telecom billing and Cloud solutions. A successful candidate will be involved into activities ranging from security design reviews and threat modelling to security hardening and security acceptance. What you’ll do: • Analysis and documentation of security requirements for Netcracker software solutions;• Performing security requirements, threat and vulnerability assessment of Netcracker solutions;• Review of business scenarios against security risks and security requirements;• Participate in design and engineering of security related controls within Netcracker solutions;• Review of quality and coverage of implemented security controls within the solution;• Design of access control within the solution;• Preparation of security acceptance program, including: collection of information about the solution, defining of the security test cases, prioritization of SAST, DAST and manual pen test checks;• Analysis of penetration testing and vulnerability assessment reports and prioritization of security vulnerabilities in the solution and 3rd party components accordingly to CVSS v3 and risk assessment methodologies;• Preparation of customer-facing security acceptance report;• Development of security procedures and instructions;• Analysis of solution’ data model, classification of data processed by solution accordingly to customer’ requirements and international standards;• Development of data anonymization design;• Adaptation and development of product and 3rd party components security hardening guidelines based on CIS benchmarks and vendor recommendations;• Security documentation development and support;• Participate in improvements of product and project security methodology;• Sharing of security knowledge across the organization; What we are looking for: • 3+ years in the role of security or system analyst;• Strong analytical background;• Excellent verbal and written communication. Strong analytical skills and ability to dive into technical;• Higher education in the area of IT, Engineering, Security or Mathematics;• Great understanding of essential security concepts including: threat, vulnerability, risk, segregation of duties, need to know principle, CIA, access control policy, cryptography concepts and practical implementations;• Detailed understanding of OAauth 2.0 protocol, OpenID standard and SAML standard;• Practical experience with following specifications and protocols: REST API, SOAP, JSON, XML;• Understanding and practical experience of RBAC and ABAC access control models;• Deep knowledge of OWASP top-10 vulnerabilities and attacks;• Good understanding of Linux and Docker security concepts and mechanisms;• Good understanding of X.509 standard;• Practical experience in threat modelling;• Knowledge of security industry standards and laws including: GDPR, PCI-DSS, NIST 800, ISO 27000;• Practical security engineers, IT, software development or quality assurance experience is a great advantage. We offer: Competitive salary; Medical insurance, covering dental services and online consultations with doctors; More than 300 hard and soft-skills programs by the corporate career development center; Open environment and encouraging knowledge sharing culture; Free English courses and opportunity to practice foreign languages daily; Flexible working hours and an opportunity to work remotely.

Контактное лицо: Зозулина Ксения

Контактные данные:

Чтобы связаться с работодателем, вам необходимо войти на сайт.

Форма входа находится в верхнем меню справа. Если вы еще не регистрировались, вам необходимо зарегистрироваться в качестве соискателя.