• Job code: QR6462
  • Security

Medior Information Security Consultant

For our client we are looking for a Medior Information Security Consultant with experience in the domains of ISO27001, Cyber Security, Audit, Risk Management and Compliance.
A consultant who can foster continuous improvement in the security state of our organization by combining knowledge of technology, processes and governance.
Looking for a hands-on consultant to work in the epics of SIEM, Vulnerability Management, Patch Management, LifeCycle Management and Security Testing.

Day to day activities:
- Educate squads on policies & procedures to ensure compliance to Information Security Standards
- Coordinate the Vulnerability Scanning provider and align with squads in order to eliminate the vulnerabilities
- Design and test reporting requirements in build tooling
- Analyse reports of vulnerabilities (Nessus output) and identify mitigating measures (create backlog stories) that should be executed by squads
- Perform root cause analysis on missing patches, vulnerabilities and lifecycle issues. Propose sustainable and automated solutions to eliminate the root causes
- Create written and automated reports, detailing assessment findings, vulnerabilities, PTA and 
- Coordinate the penetration tests supplier and align with squads from an insider threat perspective
- Information security audits & QA activities
- Analyse malware behaviour, network infection patterns and security incidents
- Produce advisory reports regarding 0-day exploits and CVE vulnerabilities
- Perform Vulnerability Assessments and challenge the assessments performed by the supplier
- Provide training to squads on Information Security and best practices
- Analyse Security Design documentation of squads for applications and provide improvement suggestions

Required IS certifications:
- Certified ISO 27001 (Lead Auditor or Lead Implementer)
- Certified ITIL V3

Required tooling knowledge:
- Vulnerability Assessment Tool Nessus
- SIEM Tool HP ArcSight
- Static scanning tools HP Fortify and Checkmarx
- Penetration Testing Kali Linux

Generic Skills:
- Excellent verbal and oral communication skills (English)
- Good demo and presentation skills
- Team worker, ambitious and Can-Do mentality
- (Corporate) Entrepreneurial spirit
- Able to motivate the squads to the next level of security maturity and performance
- Able to create a positive attitude towards IS in meetings and demo sessions
- Used to working on a global level with colleagues around the world from various cultural backgrounds
- Used to Agile scrum way of working