Portfolio Careers

Discover opportunities to work at a NightDragon portfolio company

Infrastructure Security Engineer Jr. - AR-1230



Other Engineering
Posted on Monday, May 20, 2024

About the job

The world’s most critical--and at-risk--business applications have been neglected for far too long. Onapsis eliminates this blind spot by providing cybersecurity solutions dedicated to business-critical applications. Whether running on-premises, in the cloud, or in a hybrid environment, Onapsis helps nearly 30% of the Forbes Global 100 understand the threats and risks across their SAP and Oracle landscapes.

Key activities and responsibilities:

  • Assist in Infrastructure Security Management: Collaborate with other members of the team to implement and maintain security controls for the organization's infrastructure, including networks, servers, endpoints, mobile, and cloud environments.
  • Security Configuration and Hardening: Participate in the configuration and hardening of infrastructure components, including firewalls, switches, servers, WiFi and endpoints, to align with industry best practices and compliance requirements.
  • Vulnerability Management: Support the identification, assessment, and remediation of vulnerabilities across the infrastructure by conducting regular scans, prioritizing findings, and coordinating with relevant teams for resolution.
  • Incident Response Support: Assist in incident response activities by providing analysis and investigation support during security incidents, including log analysis, evidence collection, and containment measures.
  • Automation Scripting and Infrastructure as Code: Develop and maintain automation scripts using scripting languages to streamline routine tasks, while also designing, implementing, and managing Infrastructure as Code (IaC) templates.
  • Security Documentation and Reporting: Contribute to the development and maintenance of security documentation, including policies, procedures, and standards. Generate regular reports on security metrics and findings management review.
  • Collaboration and Communication: Work closely with cross-functional teams, including IT, operations, and development, to integrate security into all aspects of the infrastructure lifecycle. Communicate security risks, issues, and recommendations to stakeholders effectively.

Required skills and aptitudes:

  • Experience in Securing Endpoints, Servers, and Infrastructures: Demonstrated experience of at least 1 year in securing endpoints, servers, and infrastructures, with a comprehensive understanding of security protocols, cryptography, and networking principles.
  • Supporting Security Technologies: Experience with supporting a range of security technologies, including Firewalls, WAF and VPN, to ensure the protection and integrity of organizational assets.
  • Knowledge of Security Attacks and Mitigation Methods: Proficiency in identifying and mitigating network-based, system-level, and application-layer attacks, employing appropriate mitigation methods to safeguard against emerging threats.
  • Proficiency in Programming and Scripting Languages: Proficiency in common programming and scripting languages such as Python, PowerShell, and Bash, enabling the development of custom automation solutions and security scripts.
  • Cloud Security Experience: Experience securing or managing public clouds such as AWS, GCP, or Azure, with a focus on implementing robust security measures tailored to cloud environments.
  • Understanding of Infrastructure as Code (IaC) Paradigm: Understanding of Infrastructure as Code (IaC) concepts and their application to increase automation, scalability, and reliability within infrastructure management practices.
  • Intermediate English Proficiency: Intermediate proficiency in spoken and written English, facilitating effective communication and collaboration in an international and multicultural work environment.

Desired skills and aptitudes:

  • Experience in Agile Environments: Practical experience working in an agile environment, with the ability to adapt and thrive in a fast-paced, iterative development environment.
  • Knowledge of Information Security Standards: ISO 27001/27002, NIST 800-53, PCI DSS, CIS Critical Security Controls, etc., as well as regulations related to information security and data confidentiality (e.g., FERPA, HIPAA), and related security principles for risk identification and analysis.
  • Understanding of Current IT Risks: Good working knowledge of current IT risks and experience implementing and/or designing security solutions to address these risks effectively.
  • Strong Communication Skills: Strong communication skills, both written and verbal, to effectively collaborate with technical and non-technical team members, articulate security concepts and recommendations, and facilitate productive discussions.
  • Experience in Penetration Testing and Security Assessments: Practical experience performing Penetration Testing and Security Assessments, including vulnerability identification, exploitation, and remediation recommendations.
  • Relevant Certifications: Security, Networking and Cloud certifications are a plus, demonstrating proficiency and expertise in information security and cloud security domains.
  • Educational Background: Bachelor’s degree in computer science, systems engineering, or a related area, providing a solid foundation in technology and security principles.

Onapsis only invites candidates to apply directly through reputable job boards or the Onapsis careers page on our website. Job offers are extended only after a face-to-face video interview with an Onapsis HR representative. Please disregard any outreach from Onapsis via forums, social networks, or other platforms, as these are fraudulent.