Specialist, Cyber Security

Key Responsibilities

• Analyze new security features request, build the cross-functional dependencies with respect to functional and non-functional requirements, provide end to end solution, and lead the solution deployment and development
• Take ownership of current solutions, including a Redhat SSO (Keycloak) platform and related Authentication and Authorization framework, providing support to multiple tenants and lifecycle management
• Lead delivery of Secret management and TLS certificate management for several projects in IoT.
• Review proactively current deployed security architectures and measures, and recommending and implementing enhancements
• Conduct regular system tests and ensuring continuous monitoring of network security
• Create and deliver best practice recommendations, tutorials, sample code, and presentations adapted to technical teams
• Automate manual tasks where appropriate using Ansible and similar tools
• Establish disaster recovery procedures and conducting breach of security drills
• Promptly respond to all security incidents, coordinate with other internal security teams, and provide thorough post-event analysis
• Deploy and maintain various security and non-security solutions hosted both on-prem in Openstack or OpenShift, or in-cloud

Critical Qualifications

• Excellent written and verbal communication skills
• Proactive and well organized, leadership and soft skills
• Able to advocate for your technical roadmaps and solutions to less-technical business and management teams, using business benefits
• +10 years of experience working in IT infrastructure, system administration of Linux environment, and software development.
• Very familiar with networking and network troubleshooting in a complex multi-cloud environment
• Thorough understanding of the latest security principles, techniques, and protocols.
• Experience with network security and networking technologies, and with system, security, and network monitoring tools
• Experience with solutions for AAA (Authentication/Authorization/Accounting) including MFA SSO, and Identity Management, Encryption, Event correlation, Identity management, and Access management
• Knowledge and understanding of Authentication and Authorization protocols and artifacts: OpenID Connect, JWT token, OAuth2, SAML, etc.
• PKI & TLS knowledge (HTTPS, Encryption, Signatures, etc.)
• Production experience with Openstack, OpenShift, and Kubernetes, including sidecar functionality (Istio, consul, etc.)
• Solid understanding of Zero Trust Pillars, frameworks, and implementation strategies
• Knowledge and understanding of Endpoint Detection and Response (EDR) solution and implementation strategies
• Knowledge and experience in security systems, including firewalls, WAF, intrusion detection systems, anti-virus software, authentication systems, log management, etc
• Experience building automation using orchestration tools such as Ansible, and Infrastructure-as-code tools, such as Terraform
• Programming experiences plus source code management using Git, MR & PR workflows, code reviews. Comfortable building and maintaining CI/CD testing and deployment pipelines.
• Ability to build and maintain utility or automation scripts in bash or python
• Extensive experience in information security and/or IT risk management with a focus on security, performance, and reliability
• Good working knowledge of current IT risks and experience implementing security solutions
• Ability to interact with teams and individuals with a wide range of security understanding to explain and ensure alignment on security measures

Preferred Qualifications

• Production experience with KeyCloak/Redhat SSO deployment, configuration, and operation
• Linux Administrator/Engineer certification
• Internet of Things (IoT) framework and main protocols knowledge such as MQTT and CoAP
• Messaging Bus: AMQP, Kafka
• Knowledge of Wireless and Mobile networks, especially 5G, LTE-M, LoRA, NB-IoT as asset
• Programming and automation language knowledge and experience: Node.js, Java, Ansible
• Knowledge of HashiCorp Vault
• Security certifications: CISSP, SSCP, CEH, Security+, CISA
• Azure certification
• Kubernetes certification
• FortiNet and F5 knowledge as asset