Exness, a leading foreign exchange broker in the financial services field, is looking to hire an experienced IT Security Engineer to join our Team in Limassol, Cyprus.
The position is a member of IT Security function with the objective to identify existing and emerging security threats and protect Exness Group of Companies from them, maintain business continuity and regulatory compliance in respective areas. The position is a member of Information Security Team reporting to IS Team Lead
- Work directly with the business units to facilitate building secure workflows, processes, systems and services.
- Maintain effective communication and coordination with Product Development and Operations teams in security-related areas.
- Ensuring that information assets and technologies are properly protected, which includes the following:
- Practice-driven information security controls management.
- Enforcement of compliance with these controls and technology-related regulatory requirements.
- Development and applying of security checks to measure the effectiveness and sufficiency of implemented security controls.
- Development of data (incl. PII) protection measures to prevent its loss and misuse.
- Development of practice-driven appropriate security policies and procedures.
- Review architecture, implementation and operations of IT systems from a security perspective.
- Manage Application Security in accordance with Secure SDLC principles.
- Management of external BugBounty program, pentesting.
- Identity and access management. Ensuring that only authorised people have access to restricted data and systems. Maintain a least privilege approach.
- Management of Security incidents. Investigations and forensics.
- Continuously develop security related event management and incident response processes.
- Management and development of security education programs for employees (at onboarding and ongoing).
- At least 5 years of practical experience in Information Security and/or other IT roles.
- Ability to leverage business communication skills to inform, convince, and educate employees to enable effective information security activities and processes.
- Knowledge of most common infrastructure and application level vulnerabilities, ways of exploitation and protective measures.
- Practical experience in web application security research.
- Hands-on experience with modern information protection systems, including open source products.
- Experience in administering Linux and Windows systems.
- Deep understanding of security aspects of virtualisation, containerisation and cloud services (AWS).
- Cryptography basics.
- Experience with audits: internal and external.
- Broad spectrum of technical knowledge in the following areas (the list is not exhaustive): Linux family, Docker, Kubernetes, AWS, Vault, SSO, Elastic Stack, git.
- Good knowledge of basic technologies and protocols (TLS, HTTP, Web Socket, DNS, OIDC, SAML, WS-Security, LDAP, Kerberos etc.) and threats to them.
- Hands-on experience in development and/or automation.
- General acquaintance with regulatory frameworks and compliance requirements associated with financial services is a plus.
- English language (Upper Intermediate or higher).
Would be a plus
- ITSM fundamentals, project management.
- Any industry certifications are a plus.
- Security Operations Center or penetration testing experience.
- Digital forensics experience.
- Team management skills are a plus.
- Well developed soft skills are a plus.
- Official employment in accordance with the laws of Cyprus and the EU, including the registration of family members
- Medical insurance for employees and family members
- Corporate Mini Cooper CountryMan S for all relocated employees
- Relocation package (visa, tickets, corporate flat for 1 month)
- Сompany's fitness center for employees and their spouses
- English and Greek language classes
- Kindergarten/school compensation program
- The best view to the sea from our own rooftop bar