Wyser is the international company within Gi Group in charge of searching for and selecting specialized middle and senior management.
We are looking for a 'Cyber Security Architect' for our client of Information Technologies industry.
- Identifying and establishing the security needs and controls required for a layered IT security architecture,
- Researching new security technologies and solutions, conducting PoC activities,
- Determining and monitoring the controls on security devices and identifying necessary improvements,
- Determining information security requirements of the projects and activities carried out by other departments and teams
- Conducting threat modeling and risk assessment activities on existing processes and new projects Evaluating identity and access requests for information systems,
- Determining and evaluating security controls on SDLC processes,
- Monitoring new security threats and vulnerabilities, identifying solutions and communicating with retaled parties to take necessary actions,
- Performing infrastructure and application (web, mobile, API, etc.) security tests within the scope of vulnerability management process,
- Managing the tools and platforms used in the vulnerability management process,
- Organizing annual penetration tests with regard to BRSA regulations,
- Advising and consulting security teams with information security subject matter expertise.
- Minimum 5 years of experience in information security Knowledge of information systems processes and infrastructure,
- Knowledge of Windows/Unix/Linux operating systems and TCP/IP protocols,
- Knowledge of Next Generation Firewall, IPS, WAF, EPP, EDR, HSM, SIEM, DLP, E-Mail Security, URL Filtering, DDoS, PAM, IDM solutions,
- Knowledge of information security policies and regulations (BRSA regulations, KVKK) Knowledge of frameworks and standards such as NIST CSF, PCI DSS, ISO 27001,
- Knowledge of application development lifecycle (SDLC) security tools (SAST, DAST, SCA, etc.) Analytical thinking and result oriented,
- Preferably at least one of CISSP, CISM, CISA, OSCP, OSCE, OSCE, OSEE, OSWE, OSWP, GPEN, GWAPT, GXPN, GMOB, eJPT, eWPT, eCPTX, eWPTXv2, eMAPT, LPT certifications.