Cyber Security Architect/Hybrid

Wyser

Wyser is an international search & selection company present in 3-continents

We are looking for a 'Cyber Security Architect' for our client of Information Technologies industry.

Responsibilities

• Identifying and establishing the security needs and controls required for a layered IT security architecture,
• Researching new security technologies and solutions, conducting PoC activities,
• Determining and monitoring the controls on security devices and identifying necessary improvements,
• Determining information security requirements of the projects and activities carried out by other departments and teams,
• Conducting threat modeling and risk assessment activities on existing processes and new projects Evaluating identity and access requests for information systems,
• Determining and evaluating security controls on SDLC processes,
• Monitoring new security threats and vulnerabilities, identifying solutions and communicating with retaled parties to take necessary actions,
• Performing infrastructure and application (web, mobile, API, etc.) security tests within the scope of vulnerability management process,
• Managing the tools and platforms used in the vulnerability management process,
• Organizing annual penetration tests with regard to BRSA regulations,
• Advising and consulting security teams with information security subject matter expertise.

Qualifications

• Minimum 5 years of experience in information security Knowledge of information systems processes and infrastructure,
• Knowledge of Windows/Unix/Linux operating systems and TCP/IP protocols,
• Basic scripting knowledge (JavaScript, PHP, Python, SQL etc.),
• Knowledge of Next Generation Firewall, IPS, WAF, EPP, EDR, HSM, SIEM, DLP, E-Mail Security, URL Filtering, DDoS, PAM, IDM solutions,
• Knowledge of information security policies and regulations (BRSA regulations, KVKK) Knowledge of frameworks and standards such as NIST CSF, PCI DSS, ISO 27001,
• Knowledge of application development lifecycle (SDLC) security tools (SAST, DAST, SCA, etc.) Analytical thinking and result oriented,
• Preferably at least one of CISSP, CISM, CISA, OSCP, OSCE, OSCE, OSEE, OSWE, OSWP, GPEN, GWAPT, GXPN, GMOB, eJPT, eWPT, eCPTX, eWPTXv2, eMAPT, LPT certifications.