Cyber Security Specialist

**Cyber Security Specialist**

**Lisbon, Portugal**

**About Skyfii**

Skyfii helps marketing, operations, IT and research teams measure, predict, and influence customer behaviour across the physical and digital world. Thousands of shopping centres, airports, retailers, smart cities, universities, restaurants, and other venues rely on Skyfii to understand and improve venue performance and create better experiences for their visitors.

Skyfii’s cloud-based BI and Martech platform allows our customers to visualise trends from digital and physical data in a single system of record. Skyfii’s Martech tools utilise the data available in the Skyfii platform to improve communication effectiveness and measurability. Skyfii augments this technology with its Data & Marketing Services group: a team of data science and marketing consultants who can help clients quickly and effectively get more value from their data.

Bolstered by the stability and transparency that come from being a public company, Skyfii (ASX:SKF) aims to responsibly use technology to positively affect relationships between people and the places they visit.

**Role Summary**

We are seeking a passionate security specialist that provides security expertise and advice across a spectrum of engineering and development projects to secure solution design. This role will help architect and manage the secure operation of our cloud based technical infrastructure.

The role will be responsible for delivery penetration testing, vulnerability assessments and remediation reporting across the enterprise.

The role will be responsible to pitch security advice at a technical level, directly to key stakeholders. The role may also provide support with client-facing engagements, security reviews, and compliance initiatives.

This position will report to the Cyber security director.

**Responsibilities (include but are not limited to)**:

- Providing technical scoping advice for penetration tests
- Deliver and manage penetration tests from the initial scoping and in-depth penetration/forensic assessments to recommending remedial technical and non-technical solutions where necessary
- Manage security tools and the newest cutting-edge hacking and red teaming
- Develop a strategy for implementing and maintaining compliance with industry standards and enabling automated compliance checks, i.e. ISO 27001
- Play part in the incident response team and keep abreast of security incidents and act as primary point for information security incident response
- Manage and maintain our DevSecOps and Container Security capabilities with things like best practice configuration, hardening, and patching.
- Research security trends and emerging technologies, identify our business and technical requirements, perform technical evaluation and support deployment of multi-regional security solutions.
- Serve as a key advisor and advocate for the DevOps team with a focus on security
- Liaise between the Cyber Security function and the Product and Data science teams, translating security requirements into a DevOps context
- Champion security within our technology environments, simplifying the security experience of our users and engineers whilst also improving our security posture.
- Use your expertise to assist wider areas of our Cyber Security programme - helping secure our products and setting our standards for security.

**Knowledge and Experience**
- 3-5 years Experience as a hands-on security engineer / specialist who has operated within a DevOps environment, or worked closely with DevOps engineering teams or;
- At Least 5 years and Proven track record of successful delivery security testing engagements, coordinating and managing penetration testing engagements and Experience with penetration testing methodologies in traditional and cloud environments (SaaS, PaaS, IaaS)
- Understanding of security concepts deeply to be able to engage with developers, data scientists, operational teams, technologists and product specialists.
- Strong experience working with AWS, Azure or similar Cloud infrastructure platforms
- Thorough knowledge of fundamental CI/CD and DevOps principles.
- Experience of security technologies used commonly within dynamic infrastructure environments
- Experience working with broader Application Security tools / technologies (e.g. GitLab CI/CD, SonarQube, etc.) is desirable.
- Adept at learning and understanding new technologies quickly.
- Good judgement to scope, plan and manage the security support required by projects, juggling the demand from different business areas.
- Natural inclination to communicate complex technical concepts in simple diagrams, blueprints and solution definitions.
- Experience with Linux, windows operating systems
- Experience with a variety of security products including firewalls, EDR, IDS/IPS, WAF
- Can demonstrate experience with security frameworks and best practices - OWASP, NIST, ISO 27001
- Deep understanding of privacy enhancement techniq