This position is open exclusively for Ukrainian residents within Ukraine (preferably Kyiv or Lviv).
Cossack Labs is looking for an Information Security Systems Engineer / Officer to join our team. This position might be a good fit if you are interested in analysing risks and improving information security processes and controls in modern technological companies.
We are ready to invest time in your education if you are prepared to work diligently and responsibly. Alongside technical skills, we’ll teach you leadership, time management, business context, and how to keep improving cybersecurity despite the ever-increasing entropy of the world.

Responsibilities:
* Assess the cybersecurity posture and maturity of client and internal technology organisations, identifying strengths and areas for improvement.
* Take part in technical security audits of internal infrastructure and client environments. Analyse network architecture, system configurations, identity and access management (IAM), logging and monitoring, patch management, and other core controls.
* Take part in risk assessment and gap analysis: analyse risk posture, define sensitive assets, describe top risks & threats, identify gaps in security controls coverage, suggest missing controls and policies. Think NIST RMF, NIST SP 800-53.
* Outline organisation-wide and product-wide security roadmaps and plans.
* Lead the delivery of cybersecurity improvement programs, coordinating across stakeholders to implement security measures.
* Select, negotiate and find tradeoffs for security controls that would mitigate high-priority risks (NIST SP 800-53).
* Design and draft security policies, procedures, standards and controls in line with regulations and/or relevant standards. Think ISO27K, NIST CSF, SOC 2.
* Maintain and review ISMS documentation, suggest improvements.
Requirements:
* 3+ years of experience working as a risk & compliance auditor, information security officer, cybersecurity consultant, or in a similar role.
* Strong understanding of industry standards in cybersecurity (NIST, ISO, ITIL, ISF).
* Strong understanding of security and information security controls: which ones solve which problems.
* Experience in analysis of IT infrastructure, including networks, operating systems, IAM, and endpoint security.
* Familiarity with cloud security concepts and practices (Azure, AWS or GCP), including cloud-native security controls and shared responsibility models.
* Familiarity with core security technologies and their use cases, such as SIEM, EDR, EPP, firewalls, DLP, vulnerability management tools, and so on.
* Upper-intermediate English, written and spoken.
* Ability to work independently and as part of a team in a fast-paced environment.
Nice to have:
* Basic knowledge of cryptography: understanding the differences between symmetric and asymmetric cryptography, hashing, KDF.
* Experience in automating routine tasks: log processing, searching and detecting atypical system behaviour, etc., both on-premises and in cloud environments.
* Understanding of how large distributed systems are built or how they work. Think power plant control systems at country-scale.
* Desire to work on innovative projects.
* Experience working in a multicultural context.
Hiring Process:
* Resume review — 1-5 business days.
* Test task — estimated time 3-4 hours.
* Introductory meeting with the Head of security engineering.
* Technical interview with several team members.
* Offer discussion.
What’s in it for you?
* A sense of meaning and responsibility for those who seek purpose — we’re building the “invisible texture of modern civilization”: bits of infrastructure that finance, power grids, and healthcare rely on, and we are trusted with very challenging aspects of it.
* Competitive compensation with a flexible bonus scheme.
* Hybrid work model: this position allows for a combination of in-office and remote work as needed.
* UK, EU and USA clients.
* Working at the crossroads of ML security, cryptographic protocol support, hardware protection, reverse-resilient mobile app development, and securing web apps for millions of users.
* Public track record in the open-source aspect of our products.
* Conferences, books, courses — we encourage learning and sharing with the community. Our team members share a lot in talks, workshops, and blog posts.
* Paid vacation — 21 business days per year.
* Paid sick leave.
About Cossack Labs: We are a data security solutions company, providing custom bespoke solutions to innovative software development teams around the world. Our software is well-known amongst security-aware teams, recommended by OWASP, and popular for easily solving complicated security challenges. Apart from building “off-the-shelf” solutions, we design custom security controls for novel problems.
We work in the B2B space, with customers such as IIoT, AI / ML based systems, mission critical systems, robotics, navigation, power grid operators, payment processors, financial apps, legal companies, million-user customer applications. We cater to young ambitious startups and well-established enterprises, who use our software and solutions as a core part of their security arsenal. Our customers are smart, but extremely demanding.
Markets: EU, UK, USA, UA.
More about this position -> cossacklabs.com/job/information-security-systems-engineer/

Read more about us -> cossacklabs.com/about/
Not sure, but considering? Send us an email, connect on social networks, or just ping Anastasiia on Telegram directly.