SUMMARY
We are looking for an experienced and passionate Consultant, Information Security “ WAF and Threat & Vulnerability Management Level 2/3” to join our Information Security Services team!
The team’s mission is to predict and prevent incidents by identifying and helping to remediate security threats and weaknesses within DPDHL IT portfolio, emphasizing on applications & services.

Being part of this team, you will drive our threat and vulnerability management across the technology stack. Your job is to identify and help remediating security threats and weaknesses early on as well as and modelling their potential risk for our infrastructure and IT solutions.
Your work is essential to protect DPDHL group’s assets and react quickly to an ever changing, dynamic threat landscape. To achieve this, you will be interacting with our business colleagues, our Cyber Defense Center and our operations teams across the globe to name a few.

TEAM INTRODCTION:
Information Security Services cooperates with all division under the IT Security, Risk and Compliance Management team to meet business partner's requirements to maintain the confidentiality, integrity and availability of the IT infrastructure and assets. Services provided are but not limited to:
• Penetration Testing
• Threat Intelligence
• Vulnerability Management
• Support topics on compliance assessment on ISO readiness and data protection

The team also provides consulting services by reviewing & approving the security aspects of the existing network setup (Link Request Approvals) as well as system/software architectures (Application Build Recommendations & Change Requests). We believe the recommendation provides the best way to move forward to both strengthening existing security mechanisms and compensating for any inherent security weaknesses.

WHAT YOU WILL DO:
• Continuously identify, evaluate, assess, report and monitor vulnerabilities along our infrastructure and application landscape.
• Support and maintain the vulnerability detection and mitigation best practice.
• A general understanding of industry threat frameworks. E.g CVSS & MITRE ATT&CK
• Monitor availability of exploits, analyze impact and risk, and help to set priorities for remediation management
• Apply threat and vulnerability management program to information security practices and develop its maturity
• Participate in any incident response triage and proactive analysis in information security related vulnerabilities detection and mitigation in the network, systems and/or application.
• Analyze vulnerability feeds and support the Cyber Defense Center(CDC) operations with IOC/IOA based on vendor advisories , security alerts and threat trending
• Provide analysis and apply CVSS scoring mechanism, that associated to all related vectors/strings of vulnerabilities
• Detect, analyze, and acknowledged Cyber Defense Center(CDC) operation and EDR team for latest threats/detection signature and creation of use cases that able to monitor or drop related vulnerability exploitations
• Provide regular updates to the stakeholders on security assessment reports with detailed security issues and recommending workarounds
• Regular tracking and maintain the vulnerability process cycle to ensure timely closure of all vulnerability findings
• Actively investigate the latest in security vulnerabilities, vendor advisories, security incidents, and penetration techniques and notify stakeholders when appropriate
• Provide support and assistance, as well as participate, in ongoing and future projects and initiatives related to vulnerability management
• Continuously provide security assessment and consultation on firewall/network link request.

APPLICATION YOU WILL USE:
• Prior knowledge in vulnerability management & policy compliance scanning tool such as Qualys
• Prior knowledge in asset management tool such as Altiris.

WHAT YOU SHOULD HAVE:
• At least 4 years of experience in threat and vulnerability management in complex environments.
• Threat centric understanding of Vulnerability management
• Experience in VM & policy compliance scanning tools such as Qualys
• Experience in automating recurring tasks by scripting and API utilization
• WAF implantation and management.
• Working knowledge on F5 LTM – Virtual Ips, load balancing concepts, SSL certificates
• Strong understanding on attack signatures
• Ability to adapt to dynamic threat landscape in a global environment
• Ability to work unsupervised, under pressure and meet deadlines
• Communication and time-management skills
• Creative with strong commitment to quality and excellence
• Educated to degree level in IT Security, Engineering or equivalent
• Strong analytical skills and efficient problem solving
• Fluency in English

WHAT IS THE PLUS POINT(S):
• Certifications like GIAC family, CISSP, CISA, CEH, CompTIA Security+ or similar

WHAT YOU WILL GET FROM US:
• Great team of IT professionals with global working exposure
• On-going professional and technical training and certifications
• A multicultural environment in modern offices in Chodov next to metro station
• Home office possibilities
• Permanent contract
• CAFETERIA employee benefit program with wide selection of benefits from Edenred
• Extra week of holiday (25 days/year)
• 6 Self-sickness days/year
• Full salary compensation for up to 10 days absence due to illness per calendar year
• Lunch vouchers fully covered by company
• Multisport card
• Mobile and laptop
• Fruit days, sport clubs for employees
• Referral program

In accordance with the legitimate interest of DHL IT Services, the candidate for this role shall provide a copy of his/her extract from criminal record.

This role may not be performed if the criminal record confirms that the employee has been lawfully convicted for the criminal offence:
• against property;
• in the area of processing of personal data and/ or breach of secrecy of correspondence;
• any other criminal offence connected with the terrorism.

The submitted extract of criminal record may not be older than 3 months as of the day of its submission.

Benefits

• Bonuses
• Cell phone
• Notebook
• Contributions to the pension / life insurance
• Flexible start/end of working hours
• Holidays 5 weeks
• Cafeteria
• Sick days