Jobs Kyiv

About you:

We are looking for a proficient Vulnerability Researcher to work in the cybersecurity field. If you are interested in making a difference and being part of an exciting project, please apply with your CV.

About project:

Our new client develops a cyber security project for the US government. You will have the opportunity to contribute to the security of the United States.

Your area of responsibility:

- Detect and exploit vulnerabilities;

- Build scripts and software modules to verify the presence of vulnerabilities;

- Reverse-engineer vulnerability patches in order to better understand certain vulnerabilities;

- Assist in the development of tools to improve vulnerability or threat research.

Skills and requirements:

- Proven experience in vulnerability exploitation and fuzzing;
- Extensive experience (3+ years) in reverse engineering;
- Knowledge of OS internals (any OS);
- Recent knowledge of exploitation techniques (iOS/Android/Windows/Linux/embedded).

Will be a plus:

- Academic degree in Computer Sciences/Mathematics/Physics;

- Proven record (CVEs or verbal description) of found vulnerabilities in mobile/desktop OSes;

- Good interpersonal skills.

We offer:

- Висококласні робочі умови: спільнота першокласних інженерів, близько 90% нашої команди це Middle та Senior; цікаві та довгострокові проєкти у різних сферах; можливість змінити проєкт в разі необхідності;

- Конкурентна ринкова компенсація в валюті (не в гривневому еквіваленті), яка виплачується без затримок;

- Власний план розвитку та регулярні перегляди компенсації;

- Оплачувані відпустки (20 днів) та лікарняні дні (5 днів);

- Всі державні свята за Українським законодавством є вихідними;

- Можливість працювати з будь-якою точки світу — ми знайдемо юридичний варіант, допоможемо легалізуватися або проконсультуємо з цього питання.

- Бухгалтерський супровід;

- Юридична підтримка в межах України;

- Повноцінна HR-підтримка та турбота.

Ajax Systems is an international technology company, the largest developer and manufacturer of security systems in Europe.

The startup, created in 2011 in Ukraine, scaled into an international product company. Ajax security systems protect more than 2.5 million users in 169 countries. The company works with 150,000 installers in key markets.

Ajax Systems has a central office, an R&D department, and two full-cycle productions in Ukraine; the representative offices in the UAE (Dubai), Great Britain, Italy, Spain, and teams in many other regions; and a logistics hub in Poland.

The company has more than 3,000 employees, including 500 development engineers and 1,200 production workers.

Ajax products are a whole ecosystem of 135 devices, mobile and desktop apps, and server infrastructure.

The product line includes control panels, motion detectors, opening detectors, flood prevention, fire detectors, street and home sirens, alarm buttons with the appliances control function, smart sockets, and relays.

Our infrastructure is a part of the product that is invisible to the end user, but critical to the life of the entire system. The safety of our users and their property depends on our uptime. We are constantly developing our cloud solutions and this requires automating our infrastructure, testing and improving its fault tolerance. For this purpose we are looking for Senior DevSecOps Engineer.
 

Requirements:

• 5+ years of experience with a strong interest in security or exposure to DevSecOps principles.
• 3+ years of experience with AWS common stack: VPC, EC2, S3, RDS, Elasticache, Route53, Lambda etc.
• 3+ years of experience with AWS security stack: CloudTrail, IAM, KMS, WAF, GuardDuty, Inspector, Macie etc.
• 3+ years of experience with managing Linux-based systems, TCP/IP networking.
• 3+ years of experience with IaC and config management tools such as Terraform, Terragrunt, Ansible.
• Experience with git, Docker, Github Actions, Jenkins etc.

• Interest in security best practices and a willingness to grow skills in securing DevOps processes.

   

Desirable:

• Experience in a DevSecOps role or a similar position.
• Understanding of regulatory requirements and industry standards(SOC2, ISO27001, PCI DSS etc).
• Certifications related to cloud security (e.g., AWS Security Specialty)
• Kubernetes (AWS EKS) + Helm.
• Message brokers: NATS, Kafka.
• Databases: MongoDB.
• Hashicorp tools: Vault, Packer.

• Monitoring/Alerting: Datadog, OpsGenie.

   

Responsibilities:

• Security-focused DevOps Practices: Apply secure configurations and best practices within the DevOps environment, aiming to make security a natural part of the development and deployment process.
• Vulnerability Awareness: Help identify and address vulnerabilities in software and infrastructure components, working collaboratively to mitigate risks.
• Security Incident Participation: Work with incident response teams on security issues, assisting as needed with investigations and documentation.
• Infrastructure Hardening: Support secure configurations of cloud infrastructure, with a focus on access management and basic data protection measures.
• Real-Time Monitoring Assistance: Assist with maintaining and improving security monitoring for quick detection and response to incidents.
• Tool Collaboration: Collaborate with the security team to evaluate and integrate tools that enhance DevOps security.
• Documentation and Process Integration: Help document security practices, policies, and procedures within DevOps workflows, integrating them smoothly with existing processes.

With us you will enjoy:

• Working with a team of people to build the future of an industry.
• Non-trivial challenges and various specter of interesting tasks.
• A flexible, friendly and collaborative work environment.
• Corporate culture based on common sense.
• Opportunities to influence the creation of new products and their quality.

KPMG is a global network of professional firms providing Audit, Tax and Advisory services. KPMG is the brand under which the member firms of KPMG International Limited («KPMG International») operate and provide professional services. «KPMG» is used to refer to individual member firms within the KPMG organization or to one or more member firms collectively.

We operate in 143 countries and territories, and collectively employed more than 273,000 people working in member firms around the world. Each firm is an independent legal entity. Each KPMG member firm is solely responsible for its own obligations.

KPMG is committed to three key imperatives: quality of services, insight into the problems of our clients, and integrity in our business. It is these principles that drive our firms professionals to provide audit, tax, and advisory services that reflect global consistency and unwavering integrity. We will build and sustain our reputation as the best firm to work with by ensuring that our people, our clients and our communities achieve their full potential.

You will be a part of KPMG IT and Cyber Advisory providing services in area of:

• Development and implementation of cyber security strategies
• Assessment and building modern SOC’s
• Digital forensics and cyber response
• IT and cyber security audits
• Penetration testing and Red team exercises
• Assessment and building Secure SDLC and DevSecOps
• Cyber awareness and trainings
• GDPR and data privacy

Responsibilities:

• Support the delivery of high-quality deliverables and thorough documentation
• Support project management activities by building status reports, tracking deliverables, coordinating action items, and capturing meeting minutes
• Research and understand cyber security related topics, concepts, tools, and processes to support client delivery

Requirements:

• Graduate or final-years student (3rd course and above)
• Degree in computer science, information security or other related fields
• No or minimal working experience
• Understanding of multiple technology domains including OS administration, database management, networking, software development
• Common understanding of security vulnerabilities in operating systems, web applications, including knowledge of remediation procedures
• Common understanding of a wide range of information security and IT methodologies, standards (e.g. ISO 27x, NIST, Cobit etc.), regulatory requirements (both Ukrainian and global), principles, technologies and tools (attacking and defensing — e.g. vulnerability scanners, traffic analysis, forensic tools etc.)
• Understanding of technology risks
• Standing and positive reputation in the information security community is preferred
• Sharp research and analytical mind and technical aptitude
• Strong verbal and writing communication skills
• Ability to work as part of a team and commitment to achieving results
• Effective interpersonal and communication skills
• English — Intermediate (B1) and higher and/or a strong desire to improve English skills in a short time

What we offer:

• Internship that will help you get your first hands-on experience in cyber security
• Career path in one of the following areas: SOC analysts, forensic analyst, security engineer, penetration tester
• Ongoing training and development (including English speaking club)
• Mentorship of the professionals with practical experience
• Salary for the internship period
• Global opportunities
• Wellbeing
• Hybrid working (in-office and remote work) with a flexible schedule
• Modern office in the city center

We are looking for a Security Architect (Cloud) to join our team!

As a Security Architect (Cloud), you will become an essential and vital part of our Cyber Risk team, providing expert advice in both local and international cloud security projects where a diverse skillset, relevant knowledge on both IT and business aspects set us apart from the competition. As part of our Cyber Practice, you will be part of a team of seasoned cyber security professionals where inclusive leadership, continuous learning and coaching culture is considered an essential part of who we are.

As part of your role, together with Senior Leadership, you will be in charge of developing and refining Deloitte's Cloud Security offering and go to market; as well as build the Cloud Security practice within Ukraine and central Europe.

Some of your tasks will include:
 

• Supporting clients during their cloud transformation initiatives, making sure that all technical security risks are correctly identified, mitigated and reported. In addition, integrating the new cloud infrastructure in the overarching security architecture and strategy
• Plan, research, and design security controls for IT systems and data to align with business objectives
• Developing technical security standards to serve as input for the creation of the cloud landing zones
• Defining, establishing and maintaining multi-cloud security architectures, strategies and methodologies
• Leading the implementation of technological cloud security capabilities by defining the technological security vision, defining the solutions and steering the implementation teams in realizing these architectures
• Review system security measures and implement necessary enhancements
• Defining and reviewing cloud security architectures and strategic roadmaps on an ongoing basis to ensure alignment with both business and IT strategies, taking into account technology evolutions
• Giving input to the ongoing improvement and streamlining of security architecture development and delivery
• Delivering an integrated security architecture model linking cloud, applications, information and infrastructure architectures

Let's talk about you

• Between 7 - 15 years of Cyber security experience, ideally most of it within consulting within the following areas:

Cloud and Container Security: 

• Minimum of 5 years experience with AWS, Azure, GCP or OCI and demonstrable affinity with Cloud technology
• Knowledge of information security principles and guidelines (including CIS, MITRE ATT&CK frameworks)
• Strong working knowledge of IT risks, cybersecurity, computer operating systems, and cloud computing environments
• Experience with containerization: Kubernetes, Docker. Practical experience with serverless and secure development environments, infrastructure-as-code is a plus

Governance and Risk Assessment :

• Good knowledge of security frameworks such as ISO, NIST CSF, CSA and CIS controls
• Experience with the implementation of cloud risk frameworks and optimization of controls in CI/CD pipelines

Architecture and Design:

• Well-versed in Secure Cloud Architecture Design and Implementation; Able to design solutions for improving Cloud Security by enforcement of cloud security guardrails and standards
• Experience with architecture and security reviews, threat modeling applications, and identifying areas of risk
• Experience with encryption in-flight and at-rest practices, as well as certificate and secrets is a nice to have
• High level knowledge of network architectures, topologies, and concepts (Firewalls, LB, WAF, CDN, VPC, ACL, TLS, SSH, and DNS)
• Experience implementing strategies to support secure and compliant architectures

Soft skills: 

• Adaptable, flexible and able to see the bigger picture
• Comfortable or eager to be involved in business development initiatives, should be at ease being on the market and engaging with potential new clients or increasing our offering with existing clients
• A thought-leader with a strong drive and motivation to build a team
• Ability to work within international environment

Certifications such as CISSP, CISA, or CISM are highly desired

Skills and Experience Requirements:

- 3+ years of experience as an Information Security Auditor/Internal Security Assessor.

- Experience managing controls or compliance with SOC2, ISO 27001, PCIDSS.

- Experience managing multiple projects in a fast paced, ambiguous environment, accountability/ownership for the audit project lifecycle.

- A high degree of personal integrity, attention to detail, and strong investigative skills.

- Associate or bachelor’s degree in  Information Security/IT/Cybersecurity related discipline is preferred.

Responsibilities:

- Schedule, coordinate, and lead company internal audits. Handle the full internal audit cycle.

- Develop and implement of audit program ( ISO/IEC 27001, PCIDSS, GDPR).

- Support preparation for external audits, liaise with external auditors and provide internal guidance in support of external audits.

- Plan, implement, monitor, and upgrade security measures to protect the organization’s data, systems, and networks.

- Conduct audits regular audits and provide recommendations.

- Maintain, monitor, and improve the audit process. 

- Control of implementation of corrective actions addressing nonconformities with management systems standards and document requirements.

We offer:

- 20 working days of vacation;

- 12 sick days;

- Compensation for sick leave;

- Medical insurance;

- Flexible work schedule;

- Gifts and benefits for significant occasions;

- Mental health care;

- Support and development of volunteer culture.

Delasport — Implementing Technological Solutions Here and Now.

Delasport is an iGaming Software company providing Sports Betting & Online Casino software, and turnkey B2B solutions. Established in 2010, Delasport delivers a one-stop-shop solution of Sports Betting and Online Casino from a White-Label, with a full range of management services to a Plug&Play iFrame and a complete Turnkey. We are establishing an R&D center in Kyiv, and are looking for top talents to join our team.

RESPONSIBILITIES

• Monitor compliance with information security and privacy policies at a technology company.
• Completing vendor security assessments and reviews.
• Reviewing security clauses in customer and vendor contracts.
• Providing, reviewing, and enhancing security training and awareness programs.
• Management of the organization's technological risk assessments.
• Helping security leaders to identify and assess risks of the organization and developing strategies to manage and mitigate these risks.
• Develop and implement best practices for assessing and evaluating IT and security controls for the organization third-party businesses.
• Manage the penetration testing and technical risk assessments from end to end.
• Supporting the business with customer engagements, including attending customer calls and supporting our sales teams

REQUIREMENTS  

• Minimum of 5 years of experience in a similar role in a technology/software/cloud organization
• Experience implementing and enforcing information security, regulatory, and privacy policies across the business.
• Acquaintance working with cyber security tools and products.
• Solid knowledge of information security principles and practices.
• Knowledge of risk management frameworks and industry compliance standards such as ISO 27001/ SOC2/ PCI DSS
• Excellent interpersonal skills and ability to work in a team with multiple interfaces.
• Experience working at SaaS provider company - an advantage.
• Fluent English

WHAT WE CAN OFFER YOU

• Modern office in Podil with an uninterruptible power supply and the Internet
• Personal time off (21 business days of paid vacation, paid days on special occasions, sick leaves, emergency days off)
• Public holidays
• Health insurance with the broker which is available from the first month of cooperation
• Life insurance with the broker which is available from the first month of cooperation
• Modern technical equipment
• English courses with native speakers
• Ukraine-based educational programs
• Sports activities reimbursement
• Corporate entertainments
• Happy hours on Fridays
• Gig contract support

FAVBET Tech develops software that is used by millions of players around the world for the international company FAVBET Entertainment.
We develop innovations in the field of gambling and betting through a complex multi-component platform which is capable to withstand enormous loads and provide a unique experience for players.
FAVBET Tech does not organize and conduct gambling on its platform. Its main focus is software development.

Main areas of work:

• Betting/Gambling Platform Software Development — software development that is easy to use and personalized for each customer.
• Highload Development — development of highly loaded services and systems.
• CRM System Development — development of a number of services to ensure a high level of customer service, effective engagement of new customers and retention of existing ones.
• Big Data — development of complex systems for processing and analysis of big data.

• Cloud Services — we use cloud technologies for scaling and business efficiency.

   

About Us
We are a dynamically growing company specializing in developing high-load and fault-tolerant systems. Our team values professionalism, innovation, and a commitment to continuous growth.

Responsibilities:

• Lead the design, implementation, and integration of various cyber defense tools
• Conduct threat hunting over log sources connected to the SIEM and develop new coverage
• Monitor security alerts, perform triage and analysis, and respond to security incidents
• Identify security tools and implement solutions from POC to production (e.g., container security, cloud security, etc.)
• Develop SOAR to enhance monitoring, response, and observability for security alerts
• Managing infrastructure as code with Terraform
• Managing configuration as code with Ansible (AWX), Helm and Jsonnet
• Work closely with Engineering and DevOps teams to define a security strategy and execute it. 

Requirements:

• Strong knowledge of AWS, Kubernetes, containerized, and microservice architectures
• Strong knowledge of Linux and using languages such as Shell/Bash, Python, or Go
• Strong knowledge of Terraform, Ansible and Helm
• Experience with security solutions in cloud environments (e.g., DDoS, WAF, IDS/IPS, DB-FW, Kubernetes security, etc.)
• Knowledge of build/release systems and CI/CD pipelines

Nice to Have:

• Experience with Elastic XDR, including fine-tuning ILMs

We offer:

• 30 day off — we value rest and recreation;
• Medical insurance for employees and the possibility of training employees at the expense of the company and gym membership;
• Remote work or the opportunity — our own modern lofty office with spacious workplace, and brand-new work equipment (near Pochaina metro station);
• Flexible work schedule — we expect a full-time commitment but do not track your working hours;

• Flat hierarchy without micromanagement — our doors are open, and all teammates are approachable.

   

During the war, the company actively supports the Ministry of Digital Transformation of Ukraine in the initiative to deploy an IT army and has already organized its own cyber warfare unit, which makes a crushing blow to the enemy’s IT infrastructure 24/7, coordinates with other cyber volunteers and plans offensive actions on its IT front line.

Have you always dreamed of building a career in information security? Do you have an analytical mindset and a keen eye for detail?

We are looking for an IT Compliance & Audit Specialist who is eager to expand their knowledge in information technology and cybersecurity, as well as gain experience working in an international IT company.

You will work on a wide range of tasks related to information security to support the company's operations together with our Security Department.

Sounds interesting? There's more to come 💛

What you will do:

• Manage certification preparation processes (ISO, PCI DSS, SOC 2, etc.) and conduct them in accordance with relevant requirements (HIPAA, GDPR, CCPA, etc.)
• Monitor compliance of IT infrastructure with security standards;
• Collaborate with auditors and certification bodies;
• Monitor changes in legislation and security standards;
• Create documentation on policies and processes;
• Handle security requests from clients (external and internal);
• Develop and conduct internal audits;
• Assess risks and monitor compliance with security requirements;
• Prepare and conduct training on information security and compliance requirements.

What you need to succeed in this role:

• 3+ years of proven experience in information security, audit or compliance sphere(s);
• Degree in information technology, cybersecurity, law or risk management;
• Certifications (one or more) are desirable:
  - ISO 27001 Lead Implementer / Lead Auditor;
  - CISM (Certified Information Security Manager);
  - CISA (Certified Information Systems Auditor);
  - CISSP (Certified Information Systems Security Professional);
  - CIPP/E or CIPM (for GDPR);
  - PCIP, ISA or QSA (for PCI DSS).
• Experience in external audits and certification preparation;
• Knowledge of risk management principles;
• Skills in conducting GAP analysis and internal audits;
• Outstanding analytical skills and attention to detail; 
• Excellent English skills (for interacting with auditors, writing policies and reports, communicating with clients).

Would be a plus:

• Experience working in the financial and/or tech industry that handles sensitive data;
• Experience in automating compliance processes (GRC platforms, ISMS systems);
• Knowledge of DevSecOps approaches for integrating security into the development lifecycle.

Benefits and Perks:

• Business hours;
• Opportunity to work fully remotely;
• Creative and unique art offices;
• Inclusive international environment;
• Compensation in USD;
• Good bonuses for referring friends;
• Paid intensive training and probation;
• Mind-blowing corporate events and social activities;
• Work-life balance;
• Responsive management interested in your growth and long-lasting cooperation;
• Greenhouse conditions for self-development.

Skills and Experience Requirements:

- 3+ years of experience as an Information Security Auditor/Internal Security Assessor.

- Experience managing controls or compliance with SOC2, ISO 27001, PCIDSS.

- Experience managing multiple projects in a fast paced, ambiguous environment, accountability/ownership for the audit project lifecycle.

- A high degree of personal integrity, attention to detail, and strong investigative skills.

- Associate or bachelor’s degree in  Information Security/IT/Cybersecurity related discipline is preferred.

Responsibilities:

- Schedule, coordinate, and lead company internal audits. Handle the full internal audit cycle.

- Develop and implement of audit program ( ISO/IEC 27001, PCIDSS, GDPR).

- Support preparation for external audits, liaise with external auditors and provide internal guidance in support of external audits.

- Plan, implement, monitor, and upgrade security measures to protect the organization’s data, systems, and networks.

- Conduct audits regular audits and provide recommendations.

- Maintain, monitor, and improve the audit process. 

- Control of implementation of corrective actions addressing nonconformities with management systems standards and document requirements.

We offer:

- 20 working days of vacation;

- 12 sick days;

- Compensation for sick leave;

- Medical insurance;

- Flexible work schedule;

- Gifts and benefits for significant occasions;

- Mental health care;

- Support and development of volunteer culture.

Only office Kyiv❗
 

Delasport — Implementing Technological Solutions Here and Now.

Delasport is an iGaming Software company providing Sports Betting & Online Casino software, and turnkey B2B solutions. Established in 2010, Delasport delivers a one-stop-shop solution of Sports Betting and Online Casino from a White-Label, with a full range of management services to a Plug&Play iFrame and a complete Turnkey. We are establishing an R&D center in Kyiv, and are looking for top talents to join our team.

RESPONSIBILITIES

• Monitor compliance with information security and privacy policies at a technology company
• Conduct vendor security assessments and reviews to ensure our partners align with security standards
• Review security clauses in customer and vendor contracts to ensure proper alignment with policies and regulations
• Provide, review, and enhance security training and awareness programs for internal teams
• Manage the organization's technological risk assessments, identifying potential vulnerabilities
• Help security leaders identify, assess, and mitigate organizational risks by developing strategies
• Develop and implement best practices for assessing and evaluating IT and security controls within the company and third-party businesses
• Manage the end-to-end process of penetration testing and technical risk assessments
• Support the business with customer engagements, including attending calls and supporting sales teams

REQUIREMENTS  

• 5 years of experience in application security and network security, including the understanding of application security attacks, vulnerabilities, and mitigations
• Knowledge of common Web Application security vulnerabilities (OWASP TOP10, SANS 25, etc.)
• Proficiency with cloud security principles and best practices (e.g., AWS, Azure, GCP), experience with DevOps, SRE, Kubernetes, Containers, and CI/CD
• Hands-on experience in the implementation and maintenance of Palo Alto / Checkpoint Firewall systems and a deep understanding of working with L2/L3/L7 Policies
• Familiarity with security tooling such as WAF, FW, CSPM, CNAPP, EDR, SIEM, SOAR, DLP
• Ability to conduct investigations into information security events – analysis of network and application-based events, issuing IOCs and implementing them in the systems
• Ability to work autonomously, taking ownership of security challenges and driving solutions
• Excellent communication skills and ability to effectively communicate security risks and recommendations to technical and non-technical stakeholders 
• Fluent in English

WHAT WE CAN OFFER YOU

• Modern office in Podil with an uninterruptible power supply and the Internet
• Personal time off (21 business days of paid vacation, paid days on special occasions, sick leaves, emergency days off)
• Public holidays
• Health insurance with the broker which is available from the first month of cooperation
• Life insurance with the broker which is available from the first month of cooperation
• Modern technical equipment
• English courses with native speakers
• Ukraine-based educational programs
• Sports activities reimbursement
• Corporate entertainments
• Happy hours on Fridays
• Gig contract support

Samsung R&D Institute Ukraine is looking for a passionate and collaborative Junior mobile security researcher to join our team.

You will perform device-side white/black-box software security research of Samsung mobile products:

• security review of Android mobile applications, firmware components, internal modules
• perform security evaluation\validation for internally discovered vulnerabilities and for public domain issues
• research and monitor emerging threats, including new attack methods and new types of security issues

Major Requirements

• Foundational programming skills, ability to understand execution logic in C/C++, Java.
• Solid understanding of Linux and Android basic security architecture.
• Foundational understanding of common software security issues (buffer/integer overflows, format string, use-after-free, path traversal, etc).
• Competent technical English: clear reporting, vulnerability description capabilities and communication skills.
• Prior security background (University, relevant prior employment\work).
• Ability and desire to study and develop assessment skills

Optional Requirements

• Practical experience in reverse-engineering (preferably *.apk and ARM binaries), software exploitation, binary and source code audit as a great plus.
• Exploitation proof-of-concept development experience as a great plus.
• Participation in security contests (ex. CTF), own write-ups publications, community activities.
• Hands-on experience with assessment automation tools (fuzzers, static source code analyzers).
• Applied crypto: basic knowledge of existing algorithms and their applied usage (AES/RSA/ECC/SHA).

Working Conditions

• official employment, as per Ukrainian labor law (regular employee) or GIG contract
• remote work is possible as well as work in Kyiv office

Benefits

• competitive salary, annual salary review, annual bonuses
• paid 28 work days of annual vacations and sick leaves
• opportunity to become an inventor of international patents with paid bonuses
• medical & life insurance for employees and their children
• paid lunches
• discounts to Samsung products, gym, restaurants, services
• regular education and self-development on internal courses and seminars

FAVBET Tech develops software that is used by millions of players around the world for the international company FAVBET Entertainment.
We develop innovations in the field of gambling and betting through a complex multi-component platform which is capable to withstand enormous loads and provide a unique experience for players.
FAVBET Tech does not organize and conduct gambling on its platform. Its main focus is software development.

Main areas of work:

• Betting/Gambling Platform Software Development — software development that is easy to use and personalized for each customer;
• Highload Development — development of highly loaded services and systems;
• CRM System Development — development of a number of services to ensure a high level of customer service, effective engagement of new customers and retention of existing ones;
• Big Data — development of complex systems for processing and analysis of big data;
• Cloud Services — we use cloud technologies for scaling and business efficiency.

Responsibilities:

• Implementation of an information security management system (ISMS) and ensuring the company’s compliance with international standards and internal policies;
• Development, updating and implementation of internal regulatory documents;
• Development of a threat model;
• Conducting information security risk assessments, developing and overseeing the implementation of risk mitigation plans;
• Development, implementation and support of a user awareness program (SETA);
• Support for external and internal information security audits;
• Improvement and optimization of IS processes, development of performance metrics and quality control of the IS function, reporting;
• Participation in strategic planning and determining development directions.

Requirements:

• At least 3 years of experience in Information Security, including 1 year in a managerial role;
• Experience in implementing an ISMS and certifications for compliance with IS standards;
• Deep knowledge of international IS standards and legislation (ISO 27001, PCI DSS, GDPR);
• Experience in developing regulatory documentation;
• Knowledge and practical skills in risk and incident management, SETA and audit;
• Experience in project and change management;
• English — Upper-Intermediate level or higher.

Will be a plus:

• Holding certifications such as ISO, CISM, CISA, CISSP, or equivalent is a plus
• Knowledge of other standards of the ISO 270xx series, NIST SP 800, NIST CSF, CIS Controls

We can offer:

• 30 days off per year (vacation and sick days) — we value rest and recreation. We also comply with the national holidays.
• Medical insurance for employees and the possibility of training employees at the expense of the company and gym membership.
• Remote work; after Ukraine wins the war — our own modern lofty office with spacious workplace, and brand-new work equipment (near Pochaina metro station).
• Flexible work schedule — we expect a full-time commitment but do not track your working hours.
• Flat hierarchy without micromanagement — our doors are open, and all teammates are approachable.

During the war, the company actively supports the Ministry of Digital Transformation of Ukraine in the initiative to deploy an IT army and has already organized its own cyber warfare unit, which makes a crushing blow to the enemy’s IT infrastructure 24/7, coordinates with other cyber volunteers and plans offensive actions on its IT front line.

Presale консультант з інформаційної безпеки

IT-Solutions — провідний системний інтегратор України, який вже понад 15 років впроваджує сучасні рішення для ІТ-інфраструктури, надає послуги в сфері ІТ-консалтингу та інформаційної безпеки. Виконує замовлення для великих комерційних і державних організацій.

Запрошуємо в свою команду Presale консультанта з інформаційної безпеки

Основні завдання:

• експертна підтримка менеджерів з продажів, визначення потреб замовника за напрямом Інформаційна безпека;
• підготовка архітектури рішень у рамках комплексних проєктів;
• створення специфікацій та комерційних пропозицій;
• аналіз тендерної документації;
• технічне навчання, консультування менеджерів з продажів;
• аналіз ринку, робота з основними вендорами за напрямом Інформаційна безпека;
• розвиток партнерських відносин.

Від кандидата ми очікуємо:

• релевантний досвід роботи від 2 років;
• знаннями трендів в ІТ-безпеці;
• знання принципів роботи основних систем ІБ;
• розуміння концепцій побудови рішень у галузі ІБ;
• знаннями портфеля провідних виробників у галузі ІБ;
• навички читання професійної технічної літератури та нормативної документації;
• знання англійської мови на технічному рівні.

Софт скіли:

• самодостатність, самоорганізованість, націленість на результат та прагнення розвитку — це фундамент;
• бути відповідальним на роботі в сучасних умовах — це гарантувати виконання своїх професійних обов’язків. Ми прагнемо бачити серед своїх співробітників людей, які завжди справляються з поставленими задачами;
• мати цілі і бути цілісним.

Ми пропонуємо: 

• графік роботи — 09:00-18:00, п'ятниця — скорочений день до 17:00; субота-неділя — вихідні;
• працевлаштування та гарантії відповідно до КЗпП;
• щорічну відпустку — 24 календарні дні, вихідний у день народження;
• можливість підвищувати фаховий рівень у межах корпоративного навчання, отримання сертифікації за рахунок компанії;
• медичне страхування після закінчення строку адаптації;
• офіс, облаштований генератором, який забезпечує безперервну роботу системи опалення та водопостачання; є укриття й стабільний зв’язок;
• пільги та інші заохочення — відповідно до політики компанії;
• відкриту і демократичну корпоративну культуру, спілкування на «ТИ» та модель управління «відчинені двері»;
• офіс за адресою: вул. Студентська, 3, в 10 хвилинах пішки від метро.

Детальніше про нас можна дізнатися на сайті https://it-solutions.ua/

Чекаємо Ваше резюме!

Рекрутер, Марина

Тел.: 063 417 23 97

Компанія «ABC» надійний роботодавець, який цінує свій колектив та репутацію, з багаторічним досвідом роботи займається побудовою IT інфраструктури всередині замовників, забезпеченням IT-підтримки, а також інженерним супроводом проектів.

Компанія має високі рівні сертифікації від світових лідерів IT ринку: HPE, CISCO, DELL, LENOVO, Oracle, IBM, HPE, Microsoft, Micro Focus, VMWARE, FORTINET, Trend Micro, Check Point та інші.

Наші партнери: співпрацюємо з світовими виробниками ІТ ринку.

Наші клієнти: ми співпрацюємо з компаніями міжнародного рівня, що допомагає нам створювати та підтримувати якісний продукт.

Наші переваги:

• Найвищі партнерські статуси провідних світових виробників ІТ-ринку;
• 10 сертифікованих інженерів у штаті компанії по кожному напрямку діяльності та 50 на супідряді, які постійно підвищують свою кваліфікацію та здобувають досвід у різноманітних проектах;
• Індивідуальний підхід до унікальної ІТ-інфракструктури кожного Замовника;
• Досвід реалізації ІТ-проекктів Національного рівня.
• Мультивендорність в підборі рішення, яке повністю задовольняє вашим потребам.

У зв’язку з розширенням, запрошуємо Вас стати частиною нашої команди, на даний момент ми в пошуку інженера за напрямком інформаційна безпека, пре-сейла.

Ключові обов’язки:

• Проектування рішень з інформаційної безпеки;
• Консультування Замовників щодо підбору продуктів інформаційної безпеки, рішень та програмного забезпечення;
• Підготовка та прорахунок технічних специфікацій;
• Написання технічних завдань (ТЗ);
• Інсталяція та налаштування обладнання та програмного забезпечення;
• Проведення пілотних проектів і РоС.

Вимоги:

• Досвід роботи від 2-х років в інформаційних технологіях;
• Знання англійської мови на рівні читання технічної документації та вище;
• Досвід побудови та експлуатації систем інформаційної безпеки-впровадження, розробка політик, адміністрування, розслідування інцидентів;
• Досвід побудови та експлуатації мереж передачі даних;
• Досвід роботи із серверними операційними системами Windows, Linux;
• Досвід роботи з технологіями віртуалізації;
• Розуміння архітектури побудови, принципів та механізмів роботи сучасних систем та засобів, що забезпечують захист інформації;
• Знання продуктової лінійки провідних виробників, які використовуються під час побудови сучасної інфраструктури безпеки;
• Знання продуктів NGFW, AntiDDOS, SIEM, SOAR, Security Mail Gateway, Web Application Firewell, Antimalware, 0-day protection, контролю доступу привілейованих користувачів, DLP від будь-якого з великих виробників (Symantec, Fidelis, RSA), розуміння концепції побудови Security Operation Center (SOC);
• Знання класів систем та термінології з інформаційної безпеки;
• Знання принципів побудови мереж підприємства, технологій та протоколів мережевих комунікацій;
• Знання принципів роботи базових інфраструктурних сервісів (Служба каталогів, DNS, DHCP, файлові сервери, сервери додаткові та баз дани).

Ми пропонуємо:

• Офіційне працевлаштування згідно з КЗпП;
• Графік роботи: пн-чт. з 9:00 до 18:00, пт.з 9:00 до 17:00;
• Офіс поруч зі станцією метро Поштова площа; 
• Своєчасну, конкурентоспроможну заробітну плату та індивідуальну систему мотивації;
• Дружній колектив, роботу в команді професіоналів;
• Корпоративна англійська мова;
• Team building;
• Вихідний в день народження співробітника;
• Комфортний офіс з постійним світлом, запашною кавою, фруктами, солодощами.

Займаючи посаду і будучи співробітником «ABC», ви отримаєте :

Можливості власного розвитку:

• Постійне зовнішнє та внутрішнє навчання, зокрема від найкращих українських та зарубіжних тренерів;
• Участь у профільних конференціях;

Робота в компанії «ABC» це можливість:

• Працювати в цікавих, масштабних, амбітних проєктах у компанії-лідерів в IT-галузі, зокрема брати участь у розвитку компанії;
• Отримати досвід реалізації ІТ-проектів Національного рівня.

Якщо Ви маєте відповідний досвід, відправляйте резюме! Будемо раді бачити Вас у нашій команді!

Наразі шукаємо до нас в команду,Senior information security engineer \ Головного спеціаліста з інформаційної безпеки


Офісний формат роботи

 

Індивідуальні умови оплати

Що ми очікуємо від кандидата:
◼️Вища технічна освіта або закінчення спеціалізованих курсів у сфері ІБ
◼️Досвід роботи від 3 років в галузі забезпечення інформаційної безпеки
◼️Практичний досвід (проектування/впровадження) Industrial Cyber Security Solutions
◼️Знання інструментів і технологій IT-безпеки, включаючи SIEM, VPN, Firewall та протоколи шифрування
◼️Глибоке розуміння фреймворків та стандартів безпеки (ISO 27001, NIST, COBIT, CIT)
◼️Навички роботи з антивірусами, DLP, IDM, FIM та PAM, IPS/IDS рішеннями
◼️Досвід управління ресурсами СУІБ (asset management) та MDM системами
◼️*Сертифікації: CISSP, CISA, CISM, CEH, CHFI (будуть перевагою).

Ключові завдання посади:
◼️Створення і впровадження стандартів безпеки для захисту конфіденційних даних компанії та клієнтів
◼️Впровадження та адміністрування систем інформаційної безпеки (SIEM, IDS/IPS, DLP, MDM, аналітика логів напр - Wazuh, Surikata)
◼️Управління кіберризиками. Пошук, виявлення та обробка вразливостей інформаційних ресурсів
◼️Впровадження сучасних криптографічних рішень і протоколів шифрування для захисту даних 
◼️Організація регулярних Pentest периметра
◼️Створення політики IT-безпеки
◼️Навчання персоналу основам інформаційної безпеки

Чому тобі варто стати частиною нашої команди:

✅Сучасний, комфортний офіс в центрі Києва🏙

✅Фікс. ставка

✅Каво-брейки, корпоративи та зайві калорії за наш рахунок