At Noverka, our values illustrate who we are and define our convictions: Human, Transparent, Passionate. We are driven by innovation and success, both in our relationships and in our practices.
Finding the right job for the right person is what we do best!
Our client, an organization in the Insurance field is looking for a SECURITY ANALYST Network Security team.
Role and responsibilities :
- Understand, analyze, document and support partners/users in clarifying their needs.
- Produce comprehensive, fully documented, evidence-based analyses.
- Formulate professional opinions and pragmatic recommendations, all in accordance with established standards, rules and guidelines.
- Review data and reports to detect underlying trends, significant deviations and identify root causes of various issues.
- Actively contribute to solving operational problems and proposing solutions to improve processes and ways of doing things.
- Carry out professional activities and deliverables in collaboration with others in his/her field or work team.
- Support partners/users throughout the delivery process, ensuring quality of service.
- Participate actively in all team activities (preparation of ceremonies, Definition of Done, etc.).
- Propose, implement and operate technical solutions for the prevention and detection of information security incidents.
- Investigate, among other things, the vectors of compromise, using security logs and various protection and detection tools and equipment.
- Carry out required analyses and recommend corrective measures.
- Help implement activities to ensure and improve the overall health of IT services and processes.
- Advise IT delivery teams in defining their objectives and the scope of their information security projects.
- Identify security requirements according to the project context, ensuring alignment with the normative information security framework.
- Identify and categorize information assets in line with the organizational risk appetite of IT asset owners.
- Identify and evaluate risk scenarios to mitigate residual risks, then present these to asset owners with a concrete action plan.
- Model and detail access by defining roles, user groups and their relationships.
- Familiarity with software development life cycle (SDLC), DevOps, ITIL.
- Have a good knowledge of regulatory requirements associated with affected business domains, applicable industry standards (NIST, ISO 27001, etc.) in order to be able to apply information security best practices.
- Demonstrate a working knowledge of security concepts such as: encryption, logging, monitoring, identity and access management, cloud computing, etc.
- Demonstrate verifiable knowledge of DevSecOps methodology.