IT security Analyst

Project Overview:

Intellias is working as partner for Ukrainian entity of Top European Retail Bank in scaling of engineering capacity and deliver great software.

The client is a Ukrainian entity of Top European Retail Bank. We are starting the innovative project in area of Card payments, reporting, accounting.

Goal of project is to implement modern infrastructure to achieve Customers growth, Increase sales & x-sell, Improve customer service, current IT landscape optimization and simplification.

Project team will be 60+ people splitted on several streams/ cross-functional teams.

Delivery Model: Scrum

Project roadmap: 2-3 years (we are planning long-term engagement of the team).

Requirements:

• Knowledge of PCI DSS requirements;
• Knowledge of National Bank of Ukraine information security requirements;
• Practice experience in implementing security solutions (SIEM, DLP, IPS);
• Understanding of authentication & authorization mechanisms (OAuth, SAML, Kerberos);
• Deep understanding of encryption protocols for both stored and transmitted data;
• Ability to build a threat model and develop compensatory measures;
• Understanding of the application vulnerabilities and how are they related to the development process;
• Experience of implementing security controls and practices into the system under development;
• Experience with payment systems and internal security controls;
• Must have verbal and communication skills;
• Industry certifications will be a plus (CISSP/OSCP or similar).

Responsibilities:

• Learn business function and requirements for the developing system and align it with security requirements of the bank;
• Implement security controls into business functions and system requirements on early stage of development;
• Implement security controls and internal bank's security requirements through the work with development team and meetings with managers;
• Explain security requirements to the development team and System Owners;
• Establish control over execution of security requirements through the SDLC process on all stages of development;
• Monitor and evaluate security metrics for the system;
• Report the status to the head of information security department of the bank;
• Evaluate System for weaknesses and write technical reports.