Junior Information Security Engineer
Evamp & Saanga is leading ICT solution provider and The Information Security Department serves as the process owner for all activities related to availability, integrity, and confidentiality of customer, employee, and business information in compliance with the various information security policies and procedures. The Junior Information Security Engineer will carry out the responsibilities of the position in accordance with Information Security Policies and Procedures. They will work with the Information Security Committee to ensure cooperative efforts are being made with all partners as appropriate.
The successful candidate will have broad technical knowledge and general understanding of methods used to protect both corporate and customer-facing applications, systems and network infrastructures. In addition, the candidate must possess excellent oral and written communication skills and should have a can-do attitude. Experience in presenting technical issues to a wide variety of audiences will be highly appreciated.
Essential Duties and Responsibilities
• Review software changes and state their impact on certain programs in the system
• Assess vulnerabilities and work with developers to fix them
• Participates in the organization’s disaster recovery, business continuity, and incident response plans for information systems
• Promotes activities to foster information security awareness within the organization
• Participates in internal security risk assessments, security risk assessments of third party business partners, and detailed security risk assessments of various technologies (i.e. directory services, database platforms, web services, firewalls, remote access, etc)
• Works with information security management to administer, maintain, and continuously improve internal controls and compliance programs, investigate known or suspected security incidents, support internal and external audits.
• Ensure reports and findings are delivered in a timely and appropriate manner to management.
• Participate in a variety of projects while being responsible, with a team, in implementing, administering, etc. pragmatic information security controls to meet dynamic tactical and strategic information security objectives.
· BS/MS degree in Software Engineering, Computer Science, IT or Information Security
· Information Security Certifications are desirable but not necessary
· Knowledge and experience of OWASP tools and methodologies
· Knowledge of experience of working with penetration testing tools and technique
· Knowledge of common security requirements within web and mobile applications for different platforms and programming languages
· Knowledge of standard SDLC practices
· Ability to complete tasks and deliver professionally written reports for clients
· Ability to present findings to technical staff and executives
· Proficient English language written and oral communication skills
· Understanding and familiarity with common code review methods and standards