IT Security Coordinator
What you will do
Imec is looking for an IT Security coordinator to design, build and implement an appropriate IT security architecture across all IT departments, and to build and run a virtual worldwide Cyber Security operations team. The responsibility includes all tools, processes, and procedures used to protect and monitor Imec's global Hybrid Cloud environment. This function reports to the IT Operations Manager.
As IT security coordinator, you will have responsibilities in several areas:
- Design, build and implement enterprise-class security systems for a rapidly changing R&D environment.
- Develop IT domain specific policies, procedures and configuration standards.
- Identify security design gaps in existing and proposed architectures and recommend changes or enhancements.
- Research security enhancements and make recommendations to management.
- Validate new systems on security best practices before releasing them in production.
- Ensure security requirements (CIA) are adequately addressed throughout the development and acquisition lifecycle for all assets.
- Ensure adequate IT security requirements are included in contracts.
- Design and execute penetration tests across a variety of technologies including web application, mobile and infrastructure.
- Interact with IT teams to keep them informed of the best security practices.
- Participate in security awareness programs, creating ideas and content, and support educational efforts to empower staff to prevent security threats of any kind.
- Stay up-to-date on information technology trends and security standards.
Security Operations Center (SOC)
- Implement a SIEM solution for monitoring and protecting Imec's Hybrid Cloud environment.
- Develop metrics to measure status and response of security events seen.
- Development processes to ensure proper visibility and monitoring of the environment.
- Supervise the day to day monitoring of the SIEM system.
- Develop and report status of SIEM and security posture to IT management.
- Maintain security by monitoring and ensuring compliance to standards, policies, and procedures.
- Set up, manage and maintain an incident response process and plan.
- Convene appropriate resources to manage a security incident, capture timelines of events.
- Create and disseminate internal communications to customers (via IT service center) and stakeholders including senior leadership.
- Coordinate Post-Mortem activities to analyse and learn, maintain and track identified improvement activities.
- Document and maintain the communication plan.
- Provide relevant Security incident related metrics and KPIs.
What we do for you
We offer you a challenging role in which you think and act strategically and in which you have a concrete impact on large programmes within our company. This is your opportunity to work in an advanced high-tech environment, contributing to technologies that will have an impact on tomorrow’s society. At imec, we offer ongoing learning opportunities to help you acquire new skills or deepen existing expertise.
Your valuable contribution and that of your colleagues make imec a top player in its field. Your energy and commitment are therefore appreciated by means of an attractive and competitive salary with many fringe benefits.
Who you are
We are looking for a highly-motivated person with the following assets:
- 5+ years of experience with Cyber Security concepts and practices.
- Deep understanding of security incidents, risks and threats.
- Knowledge and understanding of management tools used to detect anomalies.
- Experience in investigating and coordinating security incidents.
- Strong communication skills interacting with technical stakeholders including ability to convert technical language to business language.
- Strong presentation skills to illustrate metrics, processes and incident updates.
- Experience with firewalls and intrusion prevention/detection systems including the ability to demonstrate a mature understanding of networking best practices.
- Knowledge and understanding of information security domains, such as Identity & Access Control, Network Security, Data Protection, Vulnerability Management, Asset Management, and Endpoint Security.
- Experience with tools and suites such as Splunk SIEM, McAfee ePO, Palo Alto NGFW, CyberArk EPS/PAS, Cisco SDN, Microsoft EMS is a plus.