Cyber Security Expert

Decskill, founded in 2014 as an IT Consulting Company, places paramount importance on its greatest asset: its people. Our main mission is to deliver value through knowledge and talent, and we achieve this by fostering a culture of excellence and investing in the development and well-being of our people. With over 600 dedicated professionals and offices in Lisbon, Porto, Madrid, and Luxembourg, Decskill operates across three core areas:

Decskill Talent: We believe that our people are key to our success. Through Decskill Talent, we empower our team to embrace the digital transformation challenges of our clients. We collaborate with clients to drive innovation, ensuring project success and business growth.

Decskill Boost: Equipping our team with the latest tools and methodologies, we optimize Time-to-Market and deliver innovative solutions exceeding client expectations.

Decskill Connect: Our team collaborates closely with clients to implement and manage IT infrastructures that generate long-term value.

At Decskill, we believe that by nurturing and empowering our people to confront the challenges of digital transformation, we create value not only for our clients but also for our entire ecosystem, fostering a digital community dedicated to growth and progress.

We are looking for a Cyber Security Expert for a hybrid project based in Lisbon (2x/Week).

Scope: Candidate will participate to IT project security reviews conducted on a global basis across all platforms. This requires the incumbent to foster close working relationships with other business areas and IT Development / Production teams. The consultant will work hand in hand with the IT Dev, Prod teams and the business, as an enabler and a facilitator.

Requirements:

• 5+ years of experience in Application Security and Cyber Security Incident Management.
• Expertise in vulnerability management.
• Certification (not mandatory but strongly recommended) : CISM, CCSP, CSK, CEH, CISSP .
• Fluency in English (both written and spoken) is mandatory.

Responsibilities:

• Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices.
• Identify and implement the latest security standards for internet facing and internal assets.
• Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing.
• SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing) and SCA (Software Composition Analysis).
• Perform Security risk assessments and reviews to be presented to respective committees.
• Ensure the adequate security level for all applications, whatever the IT project managers location and hosting provider.
• Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets.
• Ensure the protection of WM business data with an adequate security level of WM assets, based on project assessment and production review processes.
• Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS, FSC), EU (DORA), Switzerland (FINMA).
• Leveraging on a deep knowledge of Security standards such as NIST, CIS, ISO2700x, ensure the compliance with the IT security requirements.
• Ensure the compliance with the Third-party Technology risks and Cloud security Identify the process gaps and provide solutions.
• Ensure the coordination with other IT security or other actors in the region or globally.
• Assist for a Risk Treatment for any WM issue, based on the processes.
• Identify the IT security risks in advance, record and follow-up them.
• Define and contribute to processes from cybersecurity perspective.
• Periodic reporting of security status to WM IT Domain Head and security champion.
• Ensure the regular reporting for management follow-up.
• Handle Cyber alerts & Incident by investigating and following with handlers until the issue is closed.
• Ensure to onboard the Assets & Applications in SIEM and handling BAU, create / update relevant documents.
• Ensure the effectiveness and success of vulnerability management process.
• Ensure the compliance level of the production environment and integrate to reporting.

If you’re interested in this job please send your CV to with reference CN/CSE.

Decskill is committed to equality and non-discrimination with all our talents. We recruit and promote talent, based on diversity and inclusion, regardless of age, gender, ethnicity, race, nationality or any other form of discrimination incompatible with the dignity of the human being.