OPSWAT

Tóm tắt công việc

Position:

The Security Analyst will play a vital role in the day-to-day operations and project planning related to security and privacy compliance activities involving privacy policies, security incidents and investigations, and other tasks.  This role will also involve responsibilities related to security operations such as performing penetration testing and simulated attacks as part of red team exercises.  As a team member for a leading cybersecurity organization, you will be immersed in cutting-edge technologies and security practices.  Confidentiality, Integrity, and Availability serve as the principles for meeting our objectives within OPSWAT’s compliance team.  Protection of data and compliance with industry standards, regulations, and local laws will be integrated into your responsibilities.  Security compliance is a vital responsibility within every organization and more emphasis is placed upon this to achieve security certification statuses, meet vendor onboarding requirements, and counter ever-growing threats.  Resourcefulness is a necessary skill in this role.  You should be able to understand security frameworks and regulations to apply this knowledge to policies and procedures.   You should also have the patience to communicate with a variety of technical and non-technical teams and users.  Your goal will be to ensure that our security and privacy policies align with our technology infrastructure.  Security compliance is an exciting and important responsibility for someone who is interested in the protection of organizations and personal information from a policy enforcement and auditing perspective. You will gain sought-after knowledge and experience directly from a globally recognized security company.  The position reports to 

What You Will Be Doing:

• Perform work that includes tasks and projects as assigned by Information Security management
• Develop and review security policies, procedures, and processes as required to comply with industry standards, regulatory commitments, and security certifications
• Activities related to OPSWAT’s security framework implementation of NIST CSF
• Perform internal and external penetration testing as part of red team exercises
• Work on customer security questionnaires that also involve fulfilling document requests
• Security incidents response and investigations
• Review access controls and firewall rules
• Implementation and administration of GRC applications
• Develop automation tools and processes
• Data workflows and dashboards
• Perform security investigations and maintain chain of custody
• Analyze security logs for anomalies and threats
• Work with various technical teams such as IT, Cloud Operations, and DevOps
• Obtain data sets and use of queries
• Perform or oversee internal audits related to policies and standards
• Fulfill personal data requests related to GDPR and CCPA compliance
• Security vulnerability remediation activities
• Work on security tasks as assigned through Jira tickets 

• Meaningful work with passionate colleagues;
• The international working environment in global leading cybersecurity product company;
• Attractive compensation, regular assessments, and salary reviews;
• 13-month bonus & performance bonus;
• 100% salary, full insurances on probationary period;
• Extra-health care program (PVI) for employee and family members;
• 15 to 20+ paid day off per year;
• Attractive benefits for team activities (team building, team outing, sport, trade union activities);
• Nice open office on the top of a building in District 3 with full of accessories for active recreation, sport, fruits, coffee, and tea.
• Chances of work assignments/ business trips to OPSWAT global offices in US and Europe

• General understanding of Information Security and Cybersecurity
• Technical understanding and background related to Information Systems, firewalls, Cloud environments, and networking technologies
• Enthusiastic about learning and willing to research
• Ability to learn regulations such as GDPR and apply as security policies and procedures
• Ability to perform ethical hacking and knowledge of penetration techniques
• Ability to use Kali Linux, Metasploit, Burp Suite, and other tools
• Knowledge of Jira and Confluence
• Policy writing and review
• Ability to work with data sets and queries
• Ability to perform internal audits related to policies and standards
• Strong organizational and time management skills
• Excellent verbal and written communication skills.  Must be able to effectively communicate with the various department personnel including IT, DevOps, CloudOps, SecOps, and other technical teams. Communicate effectively with individuals at all levels of management and with external auditors is also required.