Division: CISO
As a global critical financial infrastructure, the protection of Euroclear information and assets is fundamental to the company’s' business. Security is at the core of our services, firmly embedded in the management systems and processes of the company. You will be joining our Chief Information Security Office (CISO) in charge of putting in place the required controls to protect our information assets adequately and effectively.
Role
The responsibilities for this position include, but are not limited to:
1. Facilitation and creation of threat models
2. Co-Development of threat modelling processes and strategies that enable security by design and empower shifting security left.
3. Co-Analysis of threat models in collaboration with blue teams to with focus on detection and response enhancements
4. Development of Enterprise level cyber threat scenarios to enable risk management and preparedness.
5. Identification of areas for potential attacks and systemic security issues as they relate to threats and vulnerabilities, including recommendations for enhancements or remediation.
6. Preparation and delivery of written and verbal briefings to communicate threat modelling findings across all levels of the enterprise and monitoring the cyber threat environment to incorporate trends in potential attack activity.
Requirements
This role requires a wide variety of strengths and capabilities, including:
7. Bachelor’s degree in relevant field or equivalent relevant experience
8. Strong written and communication skills
9. Good technical understanding in software design and development
10. Sound experience/exposure in security related capacity or domain
11. Ability to identify network attacks and systemic security issues as they relate to threats and vulnerabilities, with a focus on recommendations for enhancements or remediation.
12. Foundational knowledge of legal, government and jurisprudence as they relate to cybersecurity.
13. Good understanding of cybersecurity activities associated with risk management, data management, cloud computing, identity management, incident management and vulnerability management.
14. Good understanding of networking fundamentals (all OSI layers, protocols), Windows/Linux/Unix/Mac operating systems, OS and software vulnerability and exploitation techniques
15. Good understanding of the MITRE ATT&CK framework, ISO 27001, threat modelling concepts like dataflow diagrams and tools like STRIDE, PASTA, LINDUNN etc.
16. Nice to have threat intelligence gathering and sharing experience.
#LI-NS1