Senior Cyber Security Engineer

As Senior Cyber Security Engineer you will contribute significant technical expertise to ensure the safety of information systems and assets, protecting systems and information from unauthorized access or modification. You will contribute to development of security strategy, policy and procedures. Additionally, you will work with internal stakeholders to understand their data security needs, providing recommendations as required. Overall, you will help ensure that stakeholders understand and adhere to necessary policy and procedures.

Day-to-day, you will:

- Contribute to, and may lead, analysis of information/technology systems compliance and security issues, resolving complex issues if needed

- Support the vulnerability management process for company assets

- Participate in security incident response activities

- Identify and resolve security issues affecting architectures, network/data traffic, and network access

- Provide expert security infrastructure support for enterprise systems, proactively identifying issues and potential resolutions

- Assess information security risks of new projects and existing IT environments, relying on technical expertise

- Contribute to development of a variety of security deliverables, including: system security plans, security and risk assessment reports, privacy impact assessments (PIA), contingency plans, milestones, etc.

- Identify, validate, and report on security incidents and events based on enterprise policies and procedures

- Create compliance programs and activities, contributing to implementation

- Participate in forensic information security investigations involving enterprise computers, servers and/or networking infrastructure

- Support junior security team members in developing IT security skills and expertise

Qualifications
Your technical and non-technical skills may include:

- Experience with vulnerability management technologies (e.g., Nexus, Qualys, Rapid7)

- Experience with security incident management

- Knowledge on ISO 27001 certificated ISMS and implementation guidelines

- Knowledge of principles of risk management

- Experience in infrastructure technologies and solutions, especially Microsoft and cloud

- Experience with operation management, systems security, testing, databases and mobility considerations

- Knowledge on data protection and identity management techniques

- Solid understanding of the software and security development lifecycle

- Knowledge of security practices for cloud computing environment

- Experience performing technical assessments and control testing of applications and networks, firewalls, operating systems, etc.; includes assessment of security risks, and user access security

- Experience interacting with internal clients from diverse professional backgrounds

- Experience working with global teams, including working with off-shore teams to facilitate project work

- Demonstrated excellence in communicating and presenting complex information to technical and non-technical stakeholders, both verbally and in written form

Good written and spoken English skills

Preferred Certifications:

Certifications as CISA, CISM, CISSP and/or Microsoft certifications (MCSA, MCSE) are a plus

You will likely possess a degree (or equivalent), preferably in IT-related field

You will likely have 4+ years if experience in security field with significant focus on IT Security

Location: Milan, Rome

Requisition ID - 55121

Avanade is the leading provider of innovative digital and cloud-enabling services, business solutions and design-led experiences, delivered through the power of people and the Microsoft ecosystem. Majority owned by Accenture, Avanade was founded in 2000 by Accenture LLP and Microsoft Corporation and has 30,000 professionals in 24 countries. Visit us at www.avanade.com.


Back to top