Every single day we produce and deliver the energy for a better life for millions of Romanians. Essential for the comfort of our lives, the need for mobility or the passion for discovering and traveling, oil, gas and electricity are quite literally the wheels of society.
You will be responsible for managing and improving the vulnerability management operations, detecting & remediating misconfigurations, partnering closely with our infrastructure and application teams to remediate security vulnerabilities and reduce the overall attack surface for OMV Petrom Group and OMV Group.
What You Will Do:
- Reviews security vulnerabilities across a variety of technologies and environments to determine high risk vulnerabilities to business assets;
- Provides technical vulnerability analysis and remediation options; leads meetings with business partners to ensure remediation efforts adhere to corporate standards and policies;
- Performs risk/threat/vulnerability analysis and discovery as well as exploitation processes and techniques;
- Provides guidance to mitigate and defend against known risks and in judging the severity and impact of vulnerabilities as well as setting up priorities;
- Automates and continuously improves the vulnerability management process and tools (Qualys and ServiceNow);
- Responsible to integrate, analyze, and communicate relevant metrics for very large data sets;
- Implements security measures according to best practice and expert knowledge of security and privacy controls at application, servers, database and network level;
- Assesses security controls for various technology platforms including Cloud technologies, OS, DB and Networks;
- Identifies assets and runs/configures the vulnerability scanner / troubleshoot authentication and false positives;
- Provides IT Security operational approvals on various InfoSec topics.
Required Job Qualifications:
- Master (IT Computer Science, Engineering or Business); specific certifications such as . Security+, CEH, CISSP or OSCP would be of advantage;
- 7 years IT professional experience with minimum 3 years in an Information Security Role;
- Experience with Vulnerability Assessment solutions such as Nessus, Nexpose, Qualys, Accunetix, WhiteHat;
- Strong technical understanding of CVSS, OWASP Top 10 and Vulnerability Exploitability ratings;
- Proficiency understanding the technical architecture of IT systems built using Windows, UNIX, Linux, VMware, Citrix, Oracle and MySQL platforms;
- Advanced command of English (written and spoken); German is appreciated;
- Good understanding in one or more areas: Service Continuity, Cyber Security Incident Response, Cryptography, Threat Assessment, Identity and Access Management, Data Protection, Security Architecture and Design, Auditing;
- Strong technical knowledge of IT Networks, Firewalls, IDS/IPS, DNS, Operating Systems and Enterprise integrations;
- Advanced ability to recognizes, communicate, and mitigate information and technology risk;
- Ability to grasp the essence of new technical concepts and explain technical jargon in simplified terms.