ROLE DESCRIPTION SUMMARY The jobholder managesinformation system security risks. He / she specifies and implementsinformation system security concepts to adequately safeguardinformation assets of SES, its affiliates and commercial platforms.
The jobholder plans, implements, documents and operates informationsecurity systems and provides information security support servicesto architects and system / application engineers within theorganization to meet new and evolving security requirementsspecializing in Cloud and related technologies / solutions.
PRIMARY RESPONSIBILITIES / KEY RESULTS AREAS Support thedevelopment of a risk management framework for information systemrelated security risks and manage information system relatedsecurity risks accordingly Assess system and application securityrequirements, threats, vulnerabilities and security risks incomplex, heterogeneous systems and throughout their life cycleDevelop, deliver and maintain comprehensive and consistent securitysolutions to mitigate identified risks to an acceptable level Specify, implement and document information system securityconcepts and information security controls for new systems andoperational systems in close collaboration with system owners andengineering groups Deliver information security support services toarchitects and system / application engineers by providing clear,concise and constructive recommendations regarding informationsystem and application security Assist architects,system / application engineers in the identification andimplementation of appropriate information security controls andhardening of systems to ensure effective safeguarding of SESinformation assets Plan, implement, document and operateinformation security systems Define policies, processes,procedures, configuration baselines and guidelines to ensureappropriate security risk management throughout the system lifecycle Define system and application security baselines based onindustry best practices, which efficiently and effectively mitigaterisks, while respecting functionality and operational constraints.
Monitor compliance with hardening baselines and manage exceptions.Perform technical security assessments of information systems andapplications to identify vulnerabilities and non-compliance withestablished security standards and recommend effective mitigationstrategies Define and optimize the vulnerability and patchmanagement process.
The job holder analyses reports fromvulnerability assessment scanners, patch management tools, andemerging threat information, advises on the risk and remediationand monitors the mitigation of identified security issues.
Supportengineering groups with security engineering expertise in thedifferent security domains, such as identification and accessmanagement, authentication and authorization, secure design, systemhardening, risk management, vulnerability assessment andmanagement, security testing, secure software development Evaluateemerging risks and information security technologies to ensure anup-to-date information security risk register and to define andimplement effective, state-of-the-art security concepts.
Supportsecurity incident response with a focus on the implementation ofeffective preventive system security controls as well ascontainment, eradication and recovery of information systems.
Support the development and promotion of information securitypolicies, standards, processes and procedures and monitoringcompliance to the information security policy framework with afocus on information system security.
Lead information securityprojects as laid down in SES’s information security strategy anddeliver them within time, cost and scope.
Support the developmentand maintenance of SES’s information security awareness program andtraining program with content dedicated for system engineers toensure consistent management of information system security risks.
Travel and on-call duty as required COMPETENCIES Ability tolearn new technologies quickly Sound analytical skills as well asthe ability to provide practical solutions Autonomous, innovativemind and good problem-solving skills Self-motivating with provenability to deliver on complex and time critical tasks / projects Goodproject management and organization skills Ability to effectivelyinteract with organizational stakeholders Understand allstakeholders in the information security process and possess theability to explain security rationales and controls tonon-technical audiences Ability to understand business requirementsand work towards solutions, both autonomous and in teams Excellentteam player and ability to work in international andinterdisciplinary teams Ability to establish well-written,structured documents (e.
g. designs and infrastructuredocumentation) Be fluent in English (any other language being anasset) Excellent written and verbal communication skills QUALIFICATIONS & EXPERIENCE Degree in Computer Science and aminimum of 4 years industry related experience and 2 years in asystem administration role Sound, hands-on knowledge of andexperience with : Managing system related security risks, includingthe assessment of system security risks, specification of securityrequirements, the definition of security concepts, secure systemdesign, implementation of security controls, specification ofsecure configuration baselines, assessment of security controls andvulnerabilities Knowledge of Cloud Solutions (e.
g., Azure, AWS,SalesForce, ) SSO / SAML, JSON, PowerShell, RestAPI, relatedscripting technologies advantageous Operating Systems (MS Windowsand Linux), Citrix / VMWare and applications, including a clearunderstanding of their vulnerabilities and how to secure themVulnerability, compliance and patch management for complex,heterogeneous systems Virtualization and Data Center technologiesand corresponding security technologies Identity and AccessManagement and Strong Authentication Systems Public KeyInfrastructure (e.
g., Public Certificate Management, InternalCertificate Management, ) Anti-Virus and Host-based IntrusionPrevention Systems Security Information and Event Management DataLeakage Prevention Security standards, best practices andguidelines (e.
g., NIST SP-800 series, DISA STIGs, CIS, etc.)Relevant product and general security certifications (e.g.,AWS-CSA, GCWN, MCSE-Cloud, CompTIA Cloud, GCED, GCUX, GCIH,GISP, CISSP-ISSEP, CISSP-ISSAP, GPEN, CEH) and knowledge ofthe satellite industry are a plus Solid knowledge of IT securitythreats, vulnerabilities, security technologies, controls and bestpractices NATO / EU SECRET clearances are considered a strong asset.
Candidate must be willing to undergo a security clearance procedureas this position might require holding security clearance WHAT'S IN IT FOR YOU?
In addition to a competitive salary andbenefits package, we offer you a truly global opportunity in anexciting industry and all the support you’ll need for both yourprofessional and personal development.
But most of all, we offer atruly unique opportunity to play your part in making a differencefor those who need it most. We strive to uphold honesty,transparency and courage in everything we do.
We’re proud to belongto the SES team and collaborate towards success. GOOD TOKNOW SES and its Affiliated Companies are committed to hiring andretaining a diverse workforce.
We are an EqualOpportunity / Affirmative Action employer and will consider allqualified applicants for employment without regard to race, color,religion, gender, pregnancy, sex, sexual orientation, genderidentity, national origin, age, genetic information, protectedveteran status, disability, or any other basis protected by local,state, or federal law.
In conformity with U.S. Governmenttechnology export regulations, including the International Trafficin Arms Regulations (ITAR) and the Export AdministrationRegulations (EAR), and / or other applicable U.
S. law, regulation orother requirements imposed by the U.S. Government, certainpositions may require U.S. Citizenship, status as a lawfulpermanent resident of the U.
S. or a protected individual asdefined by 8 U.S.C. 1324b(a)(3), or eligibility to obtain therequired authorizations from the U.
S. Department of State or U.S.Department of Commerce.