Infrastructure Security Analyst
Mambu, Lithuania

What you will be doing:

• Ensure that infrastructure events and changes related to information security are timely reviewed
• Quickly review infrastructure events that impact information security, like access to customer data, to be in line with internal policies 
• Quickly review infrastructure changes that impact information security, like a change in firewall rules or introduction of a new SaaS solution or open source component, to be in line with internal policies
• Work with Security Engineers to automate reviews where possible

• Ensure that infrastructure security incidents are quickly contained
• Quickly perform a first assessment on infrastructure security incidents, including reported vulnerabilities from several sources (IDS, WAF, vendors of third party dependencies, penetration tests), regarding their risk and derive next actions

• Ensure that security aspects are well reflected in infrastructure risk assessments
• Support security readiness assessments for new infrastructure services or after major changes
• Support annual and ad-hoc risk assessment workshops with Infrastructure team members to identify and mitigate infrastructure related security risks for existing systems and during the design of new services
• Monitor treatment of risks and support continuous improvement of the maturity of the infrastructure security program to reduce security related risks

• Ensure security awareness among Infrastructure engineers (SREs)
• Maintain information security and data privacy training program and train infrastructure engineers on information security and data privacy with respect to their infrastructure engineers function

• Rensible for successful internal and external security audits and due diligences
• Coordinate pentests from infrastructure perspective
• Perform internal infrastructure security audits
• Support maintaining the documentation of the infrastructure security in our Control register and security assurance documents
• Coordinate table-top exercises for infrastructure team, covering scenarios like disaster recovery, data breaches, or cyber attacks
• Attend internal and external audits and due diligence activities to demonstrate evidences of current practices related to infrastructure security

You need to have:

• Information Security Knowledge: Concepts of information security (confidentiality, integrity, availability, etc.) and their implementation options (encryption, identity and access management, backups, redundancy & high availability, network configuration)
• Knowledge of modern application architecture
• Knowledge of modern infrastructure 
• Analytical, detail oriented and creative problem solving skills
• Strong written and verbal communication skills in English

Nice to have:

• Information security risk management incl. threat modeling
• ISO 27001 Implementation Knowledge
• Internal Auditor Experience
• Data Privacy / GDPR Knowledge
• Knowledge and experience with a programming language (e.g. Python)

Compensation and benefits:

• Competitive salary;
• Flexible working hours;
• Summer schedule (4-days/week);
• Health insurance;
• Global business travel insurance;
• Free parking space at the office;
• Professional career growth by providing access to trainings and conferences</

Job Rewards and Benefits