Beschreibung
Security Configuration Consultant (m/f)
About our client
Our client is one of the biggest manufacturing companies with a global scope.
On behalf of our client, Swisslinx is currently looking for a Security Configuration Consultant to join global T&T initiative within Service Management area.
Your mission
- Ensure that the systems and applications operated within the company are appropriately configured for security purposes
- Manage the deviations from the configuration standards
- Work with service providers, application and system owners to ensure required configurations are implemented and managed
- Interact with other security departments with regards to assessing the risk deriving from configuration deviations
- Ensure that for all relevant appropriate hardening guidelines are available and adopted to security needs. Work together with the service providers to ensure that the hardening guidelines are implemented.
- Define the report format, reviews the security configuration reports from the providers, triggers timely provision of reports, requests changes updates etc. Review and check completeness of reporting results and also quality of the provider reports.
- Assess the reports and risk deviations from expected configuration. Maintain a database of deviations and accepted exceptions.
- Review exceptions and manages escalations of unaccepted deviations. Works with service providers and InfoSec Risk Management in cases of different assessments of risk
- Communicates deviation to the relevant organizations for mitigation and also exceptions to all relevant bodies.
- Report the security status in terms of security configuration to the relevant bodies (ie InfoSec Management, Service Management)
- On-boarding of new applications, systems, service providers etc. Integration of new service providers into the Security Configuration Management processes and activities.
Your background
- Graduate level with IT focus or equivalent practical experience
- At least 4 years of experience in Information Security
- In-depth security configuration knowledge of the following: Windows Server OS, Linux Server OS, Cisco iOS, SAP, AIX, SQL, Oracle Databases or IaaS cloud solutions
- In-depth knowledge of security configuration baseline documentation such as Center for Internet Security - Security Benchmarks, US Defense Information Systems Agency - Security Technical Implementation Guides, or SANS Top 20 Critical Security Controls
- In-depth knowledge of ISO Certification for ISMS, Sarbanes Oxley (SOX) Compliance, and international data privacy laws
- Knowledge of security auditing and vulnerability assessment tools such as RSA Archer, QualysGuard, FireEye Retina, Onapsis, or Rapid 7-Compliance
- Knowledge of security auditing and vulnerability assessment techniques & methodologies
- Senior stakeholder management experience
- Very strong communication skills
- Fluency in English
What's on offer
- Work for one of the biggest manufacturing companies globally
- International working environment
If you think of yourself as a highly motivated, ambitious person, please apply via email: (see below). For further information, do not hesitate to contact.