Summary
Scope is looking for a passionate Information Security Officer to join our Information Security team based in Berlin. The candidate should be familiar with and have previous experience with Endpoint Protection, Vulnerability Management and Pentesting exercises, Security Operation Center Management, Network Intrusion Prevention and Firewall solutions, and DevSecOps.
The role requires a responsive, proactive, and highly productive professional who can work with numerous stakeholders to ensure a continued optimum level of Security.
Duties & responsibilities
- Administering and monitoring Microsoft security platforms, including Microsoft Azure and Office 365 Security Centers and Azure Sentinel, and working with Microsoft Compliance Portals for security monitoring and investigations
- Monitoring and restricting access to sensitive, confidential, or restricted data using Data Classification and Data Loss Prevention solutions
- Management of Penetration Testing and Vulnerability Management activities across Web Applications and Network vulnerability scanner (Tenable Nessus), and understanding of the related industry standards, such as CVE, CPE, CVSS
- Management of the SIEM solution, day-to-day incident remediation, escalation of tickets or cases derived from the SIEM solution, and monitoring of server event logs, firewall logs, access logs, and other security logs
- Endpoint Protection and threat hunting skills for malware investigations, phishing attempt analyses, forensics, and root cause analyses
- Reviewing firewall rules and policies, specifically on web application firewalls (WAFs) and intrusion prevention systems (Sophos, Palo Alto)
- Taking part in incident response activities for company-wide information security incidents and data breaches, recommending improvements and controls to prevent recurrence wherever possible, or following up with other stakeholders
- Monitoring applications and services for business continuity and resiliency processes, including data backup and recovery testing, and monitoring of patching and upgrading activities
- Ensuring the use of appropriate security tools in the development environment and playing a role in developing and designing application-level security controls and standards; familiarity with automated dynamic scanners, static code analysis tools, and code review techniques
- Supporting the Information Technology, Risk, and Compliance teams in the implementation of the Group Information Security Strategy
Professional & personal qualifications
- 5+ years’ experience in the Information Security domain
- Minimum of 2 years’ experience with public/private cloud environments (Azure, AWS, GCP, etc.)
- Experience in working with DevOps teams to adopt security best practices in the cloud, including dynamic and static code analysis tools, code review techniques, and decent exposure to Terraform, Docker, container management services, CI/CD pipelines, and secrets management in microservices-based architectures
- Bachelor’s or master’s degree in computer science, information technology, Cyber Security, or equivalent professional experience
- Technical experience in working with DLP Solutions is a plus
- Knowledge of Azure Security Center, Entra ID (Identity Protection and Privilege Access Management, Conditional Access App Control), and Microsoft Security Portals
- Knowledge of the implementation of Information Security frameworks like ISO 27001
- Certified Information Security Manager (CISM) or equivalent certification
- Certified Ethical Hacking (CEH) or equivalent certification
- Microsoft Azure and Security Certifications will be a plus
- Ability to meet deadlines, motivate others to do the same, and manage stress effectively in high-pressure situations
- Ability to take ownership and responsibility of tasks and projects that involve both independent work and teamwork
- Willingness to learn new technologies and tools
- Experience in a multitasking environment, providing support on different projects simultaneously
- Fluent in English (written and spoken); fluency in German is a plus