Area: Support and improve existing IT Security controls and systems to protect critical IT assets and sensitive corporate data; implement new processes and projects to enhance the overall IT/Information security level of the Company with OS and database security.

Functional Description:
- Support the existing IS infrastructure (ELK stack, Privilege access management, IBM Guardium Database Activity Monitoring) and adjust/improve it for specified needs (updates, modifications, etc.)
- Create monitoring dashboards, alarms, notifications
- Monitor IS incidents (including Turkcell SOC incidents). Develop and maintain a list of critical events for monitoring. Collect information from different sources and perform security investigations
- Develop and maintain IT/Information security policies, procedures and instructions related to IS monitoring
- Act as a Security Analyst in projects to conduct IS risk analysis and design countermeasures to minimize the risks related to sensitive data leakage and unauthorized modification
- Control compliance of processes and controls with the security and international standards requirements introduced in the company, such as ISO 27001, PCI DSS and SOX
- Participate in Information Security Awareness of the Company. Consult employees on matters of Information and IT Security. Run campaigns to verify and assess the level of employees' information security awareness
- Act as a Project Manager in assigned Information Security projects

Requirements:
Education: University Degree in IT/Information Security or any other IT-related area
Experience: from 2 to 5 years
Language skills: English — intermediate, Ukrainian — fluent

Essential professional experience:
- Experience with SIEM administration and support: Elastic Stack, Splunk
- System administrator or DevOps background: Unix systems, DBs, AWS, k8s, Git
- Experience with log collection, parsing and enrichment with Elastic Beats, Logstash, syslog-ng, rsyslog
- Strong experience in log analysis, correlation and visualization via Elastic Stack tools
- Script development using a variety of tools like Bash, Python, Ruby, Go
- Practical knowledge of Information Security Management frameworks
- Good knowledge and working experience of Information Security standards and best practices: ISO 270xx. Also CobiT, ITIL standards
- Good understanding of DB architectures such as Oracle (Exadata), MySQL, MSSQL and their logging and security configuration aspects
- Knowledge and experience in designing and applying security controls for different database technologies. Practical experience in DAM technologies such as IBM Guardium or similar (Imperva, McAfee) would be an advantage. Ability to configure DB monitoring policies, alerts, and reports
- Good knowledge of IP/GSM networking and overall internal IT processes. Understanding of the SDLC concept
- Good communication and excellent reporting skills
- Ability to dive into details and study new knowledge