Information Security Specialist at Arifu

Job Description:

Working closely across teams at Arifu, theISS will:

• Draft security policies and guidelines: Work with CTO & COO to update relevant documentation related to GDPR, Data Access Policies and Information Security Policies.
• Serve as a security expert and conduct training when needed.
• Design and implement safety measures, early warning systems and data recovery plans.
• Analyze IT specifications to assess security risks.
• Analyze existing security systems and make recommendations for changes or improvements.
• Communicate the system status and keep users informed of downtime or changes to the production system.
• Secure networks through firewalls/VPNs, password protection and other systems, including inspect hardware for vulnerable points of access.
• Install, configure and upgrade security software (e.g. antivirus programs) and remote asset management software.
• Upgrade systems regularly to remain secure Arifu’s digital assets; provide system updates and write code fixes application level vulnerabilities using security libraries (e.g. Sqreen).
• Monitor network activity to identify issues early, provide early warning of abnormalities or problems and escalate them to CTO.
• Act on privacy breaches and malware threats, in the event that a security breach does occur, prepare reports and action plans to prevent future breaches.
• Organize and conduct tests and “ethical hacks” of the existing security architecture,

Basic Qualifications:

The ISS should have the following:

• BSc/BA in Computer Science, Information Technology or a related field; professional certification (e.g. CompTIA Security+, CISSP, AWS CSS) is a plus.
• Proven experience as a ICS Specialist (5+ years), knowledge of current security risks and protocols (deep working knowledge of AWS security tools).
• Willingness to work through the problem (any time of the day) in the event of a security breach or other emergency, keeping the CTO informed and seeking decision/approvals.
• Ability to work under supervision, as well as the ability to take independent initiative when needed during crisis situations.
• Expertise in patch management, firewalls and intrusion detection/prevention systems (e.g.TippingPoint, AWS IDS/IPS).
• Programming skills in 2 languages will be preferred (e.g. knowledge of Python or Java or C++languages).
• Familiarity with security frameworks (e.g. NIST Cybersecurity framework), public key infrastructure (PKI) and cryptographic protocols (e.g. SSL / TLS).
• An analytical mind with excellent problem-solving ability.
• Outstanding communication, organization and decision-making skills.