Вакансии

Кишинёв · IP Serviciul Tehnologia Informației și Securitate Cibernetică вакансии компании »

Main objectives:
1. Incident handling. Leading an investigation and responding to security incidents, determine their severity, and provide detailed reports consistent with incident handling (discovery, documentation, notification, acknowledgement, containment, investigation, resolution and closure). Offer support in incident handling to customers. Provide general and specific advice. Specifically:
• Deal with incoming reports that affect the constituency and pass them on, as appropriate, to the sites affected within the constituency and/or CERT-GOV-MD partners;
• Examine log files;
• Identify affected sites;
• Point to technical documents or advisories;
• Provide technical support;
• Provide workarounds and fixes;
• Point to resources that provide or can help establish appropriate points of contact;
• Provide a list of appropriate points of contact;
• Undertake contact of other parties affected in the incident and law enforcement agencies;
2. Announcement:
• Disclose information to the constituency (in form of security news, alerts, advisories or guidelines), to assist them in protecting their systems, or to look for possible signs of attack by providing notification of potential, current, or recent threats; and further to suggest methods to detect, recover from, or prevent threats.
Additional responsibilities, which might be assigned:
• Manage the day-to-day operations of the CERT security solutions and instruments. This includes monitoring, policy tuning, troubleshooting, patching and creation of custom signatures.
• Participate in internal audits of the information security management system. This includes: review of security controls, risk assessments, vulnerabilities scanning and penetration testing to determine the compliance with standards and security policy. Recommend appropriate action to management.
• Participate in development of security policy, procedures, instructions and guidelines.
• Participate in seminars, conferences and/or trainings.
• Assess information security related software and hardware systems.
• Perform other duties as assigned.
Candidate requirements:
1. Candidate MUST have the following interpersonal and communication skills:
• effective oral and written communication skills (in Romanian and English) to interact with constituents and other teams;
• diplomacy when dealing with other parties, especially the media and constituents;
• integrity and trustworthiness to keep a team’s reputation and standing;
• ability to follow policies and procedures;
• willingness to continue education;
• ability to cope with stress and work under pressure;
• team player;
• willingness to admit to one’s own mistakes or knowledge limitations about a topic;
• problem solving to address new situations and efficiently handle incidents;
• time management, in order to concentrate on priority work.
2. Candidate MUST have conceptual understanding of the following :
• public data networks (telephone and IP network)
• the Internet (aspects ranging from architecture and history to future and philosophy)
• network protocols (IP, ICMP, TCP, UDP)
• network infrastructure elements (switch, router, DNS, mail-server, web-server)
• network applications, services and related protocols (SMTP, HTTP, HTTPS, FTP, TELNET, SSH, IMAP, POP3)
• basic security principles
• risks and threats to computers and networks
• security vulnerabilities/weaknesses and related attacks (IP spoofing, Internet sniffers, denial of service attacks, and computer viruses);
• network security issues (firewalls and virtual private networks)
• encryption technologies (AES), digital signatures (PGP, PKI), cryptographic hash algorithms (MD5, SHA-1)
• host system security issues, from both a user and system administration perspective (backups, patches);
• international information security standard ISO 27001;
3. The following skills will be the benefit:
• Scripting abilities (Ex. Programing in Python, Bash or Windows batch scripts);
• Hands on experience in using vulnerability scanning or implementing security monitoring tools;
• Experience in developing and application of IT security policies and procedures;
• Experience in configuration and administration of networking components (e.g.,routers, switches) and computer systems (UNIX, Linux, Windows, etc.);
• Experience in making and presenting at conferences, or managing a group;
• Experience working with data encryption/decryption software GnuPG, OpenSSL, TrueCrypt, PKI software;
• Work organization skills.
4. Legal requirements:
• Citizenship of Republic of Moldova;
• BSc/MSc in Computer Science or related field/equivalent experience;
We offer:
• Professional, dynamic and young team;
• Strong career potential and professional development;
• Trainings (both National and International) & development opportunities;