Infrastructure Security Specialist
About EvaBssi
EvaBssi is an international consulting firm in cybersecurity and IS performance.
EvaBssi has been assisting large accounts and small & medium enterprises in the luxury goods, banking, industry, and services sectors, as well as government agencies for 15 years.
Specialized in cybersecurity, cloud and infrastructures, EvaBssi combines methodological know-how, high level of technical expertise and R&D.
An answer to our clients’ challenges:
- Control cyber risks
- Identify, protect, detect, respond and recover
- Design, build and operate innovative and efficient IS
EvaBssi has been awarded the HappyAtWork© label and has 8 offices on 4 continents.
Description
- Work closely with SOC, CERT and other security teams and Infrastructure skill teams in daily operation and review security requirements
- Exception management: Evaluate and manage infrastructure security exceptions
- Vulnerability management: Conduct scan, assessment and remediation follow-up
- Incident management: Report and follow security incidents and their remedial actions
- Request / Change management: Conduct security assessment for infrastructure request & changes
- Review security architecture proposed by other infrastructure teams
- Deliver innovation initiative to improve overall infrastructure security and efficiency
- Manage and execute the Infrastructure related security projects
- Be the security Interface with stakeholders at all levels, from technical engineers to senior management
- locally, regionally and globally
- Work closely with other risk and security departments, including all 3 lines of defence
- Cyber reporting: Production of various cyber security reporting (KPIs; KRIs). Coordinate among
- Infrastructure teams to contribute to external stakeholders reporting and requests
- Conduct security & risk awareness training to the Infrastructure teams
Requirements
Knowledge
- Knowledge and hands-on experiences in IT, Infrastructure and information security
- Knowledge and experience in IT infrastructure (speak the language, expertise not required)
- Knowledge in technology regulatory requirement like HKMA, SFC, MAS, GDPR, CBIRC, etc. is required
- Project management experience is desired
- Knowledge and experience in a banking environment will be beneficial but not essential
- Knowledge in the MITRE ATT&CK framework and hands-on experience on security incident investigation processes & techniques
- Security knowledge in the Public Cloud, development and specific Infrastructure domains are a plus
- Professional certification recognized by Regulatory bodies like HKMA, e.g. CISM, CISA or CISSP, is mandatory
Tools
- Hands on knowledge on Security Products/tools such as Identity Management Solution, SIEM, vulnerability management and other security products
- Scripting and automation skills is a plus
Soft Skills
- 3 - 5 years relevant experience
- Able to organize time, multitask, and define priorities (autonomy)
- Able to interact with all level of the organization from operators to executive management members
- Must be able to work collaboratively within a complex organization, across multiple cultures, geographies and disciplines
- Good communication and interpersonal skills
- English proficiency is essential, other spoken languages in the APAC region or French is an advantage