(Senior) Information Security Expert in Oberkochen bei ZEISS Group
(Senior) Information Security Expert (f/m/x) in Oberkochen bei ZEISS Group
Information Security Experts are part of the InfoSec (abbreviation for Information Security) Technical Advisory team which is responsible for advising on technical information security subjects. Such advisory is based on best practices and is closely related with business functions and requirements of the ZEISS group. Furthermore, the team maintains tasks related to ensure technical advisory is state of the art.
The (Senior) Security Expert is responsible for all Vulnerability Management and Pentesting efforts (e.g. Red Team – Blue Team) and activities.
As a (Senior) Information Security Expert, you coordinate and cooperate with other departments and functional areas, to ensure vulnerability management and related security measures are well understood, implemented and maintained. Your tasks are done in close coordination with the Security Monitoring activities in the SOC (Security Operation Center) team and other relevant stakeholders, fostering an effective Information Security Monitoring and improvement of the Incident Detection capabilities. In addition to that, you act as functional lead and advise on solutions and best practices to Pentesting, Vulnerability Management or other Security Monitoring activities throughout the organization.
Your role
- coordinate and cooperate with other departments and functional areas, to ensure vulnerability management and Pentesting activities – ZEISS internal, internet-faced and cloud services – are well understood, implemented, maintained and executed
- execute the vulnerability management process and maintain related processes and tools; in close cooperation with other stakeholders and service providers
- coordinate Pentesting (Red Team – Blue Team) activities and improve – based on the output – the detection capabilities of the Information security Monitoring tools
- act as an advisor on solutions and best practices and support implementations of the related subject areas across the organization primarily to achieve goals in innovative, creative, novel and effective ways
- set up a framework within the organization to manage penetration testing engagements consistently throughout the enterprise to allow efficient remediation, maximum value return and consolidated lessons learnt
- guide and maintain a continuous feedback loop with the security operations team to ensure detection capabilities are keeping up with the latest offensive techniques
- establish partnerships with 3rd party security organizations and coordinate cooperation and engagements together with them and the business stakeholders
Your Profile
- Apprenticeship / professional education / studies in the field of computer science, IT, InfoSec or equivalent and a solid period of experience in various information security roles with an international scope
- professional working experience (for Seniors minimum 7+ years) in related fields, especially Vulnerability Management, Security Monitoring or Pentesting as well as defensive security operations
- a very good expertise on creating an incident management framework and processes; network, desktop and server technologies and network intrusion methods, network containment, segregation techniques and technologies such as Intrusion Detection Systems (IDS), Intrusion Protection Systems (IPS) and Cloud Services (MS Azure, AWS)
- a strong knowledge of ITIL best practices and process improvements and various operating systems (e.g. Windows, Linux, etc.) and networking technologies commonly deployed to enterprise networks and accompanying vulnerabilities
- strong communication skills, including ability to solve complex tasks and problems, applying innovative thinking
- English (fluent), other languages (like German) of advantage
Recruiter:
Sally-Sahel Grütte-Pad [C]