CIS Security Engineer

Description

Summary: Join askblue as a CIS Security Engineer to support the definition, design, and implementation of secure Communications and Information Systems, ensuring compliance and managing security risks. Highlights: 1. Support secure CIS design, implementation, and accreditation. 2. Integrate cybersecurity throughout the full system lifecycle. 3. Develop and manage security accreditation documentation. Do you know askblue? We were born in 2013, and we provide services in the field of information technology. We are looking for an **CIS Security Engineer** to join our company in one of our projects. -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- **Duties \& Responsibilities** ------------------------------ * Support the definition, design, procurement/development, and implementation of secure Communications and Information Systems (CIS). * Ensure compliance with CIS security accreditation policies and maintain appropriate security risk levels. * Conduct and document security risk assessments and policy compliance to support system accreditation. * Collaborate with the CTO’s CIS Planning and Implementation Authority (CISPIA) to deliver secure CIS solutions aligned with organizational guidance. * Integrate cybersecurity measures throughout the full system lifecycle (from design to operation). * Represent the organization in CIS security governance forums and stakeholder engagements. * Develop and manage required security accreditation documentation, including: + CIS Description + Security Accreditation Plan (SAP) + Security Risk Assessment (SRA) + Security Requirement Statements (SRSt) + Security Operating Procedures (SecOPs) + Security Test \& Verification Plan (STVP) + Security Test \& Verification Report (STVR) **Requirements** ---------------- * Bachelor’s degree in a relevant field \+ minimum 4 years of related experience, OR * No degree, but at least 8 years of extensive, progressive relevant experience. * Strong understanding of **cybersecurity domains**, including: + Boundary protection + Encryption + Identity \& access management + Monitoring \& detection + Incident response + Vulnerability assessment + Risk management * In\-depth knowledge of: + CIS security principles + Networking + Vulnerabilities in modern operating systems and application ### **Professional Experience** * At least 4 years of experience in: + Cybersecurity principles, technologies, and best practices + CIS security controls (traditional and cloud environments) + Designing, implementing, testing, and validating security components + Conducting security risk assessments and supporting accreditation processes + Identifying threats, vulnerabilities, and residual risks with mitigation recommendations + Supporting security accreditation in large\-scale CIS projects + Using risk assessment methodologies and tools ### **Additional Skills** * Experience in: + Writing and enforcing security policies and procedures + Compliance audits (e.g., ISO 27001, NIST 800\-53, GDPR) + Governance, Risk, and Compliance (GRC) * Strong communication and technical writing skill**s** ### **Certifications (Desirable)** * Certifications such as: + CISA (Certified Information Systems Auditor) + CISSP (Certified Information Systems Security Professional) **Work Arrangement:** * Hibrido **Offer:** * Health Insurance; * 3 and a half days of leave per year \+ 22 vacation days; * Unlimited access to Udemy. If you are interested in the opportunity, upload your C.V. or send it to angela.rei@askblue.com with the reference \#**16801383** in the subject. **askblue \- Where Business meets Technology**