Findmore Consulting S.A. is a company specialized in Information Technologies founded in 2006 and with more than 400 consultants. Our services include infrastructure and cloud, software development and agility where contribute to major projects in Portugal and Europe.
Main Tasks & Responsibilities:
• Define security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and hostbased security systems;
• Develop and validate baseline security configurations for operating systems, applications, and networking andtelecommunications equipment;
• Perform internal and external technical control and vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls, and recommend remedial action;
• Perform source code reviews;
• Perform network and application penetration testing ( Black box, Grey box and White box);
• Defining detailed security architecture;
• Performing technical security audits;
• Perform log analysis and security monitoring;
• Perform IT infrastructure/ Application Security configuration reviews;
• Design and implement technical security mechanisms and technologies;
• Design and develop technical security standards and procedures.
Main Technical Requirements:
• Security best practice guidelines (ISO 27001, NIST, SANS Top 20 OWASP, etc.);
• Good practice in the secure configuration of servers, network devices and applications;
• Networking protocols and application communications;
• Network analysis tools;
• Securing Unix and Windows operating systems;
• Securing middleware and applications;
• Network penetration testing;
• Web application penetration testing;
• Vulnerability assessments;
• Forensic image collection and analysis;
• Managing/deploying the following security technologies: Firewalls;
IDS/IPS - Intrusion detection/Prevention Systems, SIEM – Security information and event management;
IAM –Identity and access management;
APT – Advanced Persistent threat detection;
DLP – Data loss prevention;
VA – Vulnerability Analysis and mitigation;
PKI – Public key infrastructure;
Virtual environments;
Endpoint security;
Mobile security;
Communications and data encryption ;
Remote access methods;
Backup and disaster recovery methodologies;
• Open Web Application Security Protocol (OWASP) and secure software development standards;
• Performing security code reviews;
• Security monitoring, threat detection and incident response;
• Proactively and iteratively searching through networks and applications to detect and isolate advanced threats that evade existing security solutions (Cyber threat hunting);
• Security operations engineering (e.g. implementation of defensive measures, threat intelligence production);
• Linux administration, TCP/IP, Network Security;
• Security configuration reviews of IT Infrastructure and security devices, OS, Databases etc;
• Certified Information Systems Security Professional with Information Systems Security Architecture Professionalconcentration (CISSP-ISSAP);
• Certified Information Security Manager (CISM);
• Certified Information Systems Auditor (CISA);
• OSCP, OSCE, GPEN, CEH, CCNA, CCNP.
Other Requirements:
• Good level of English - minimum B2 (mandatory);
• Positive mindset and ability to work in an international and distributed team;
• Autonomous and proactive, able to suggest and discuss new ideas and solutions;
• Desire to learn and share knowledge;
• EU citizenship;
• Out-of-the-box and continuous improvement mindset.
SEND YOUR APPLICATION TO: [email protected]