Cybersecurity Preparedness Support Expert
Location
Greece
Posted
2 days ago
Salary
0
Seniority
Mid Level
Job Description
Cybersecurity Preparedness Support Expert
InventYOU AB
Role Description

inventYOU is looking for Cybersecurity Preparedness Support Experts to support cybersecurity readiness, technical security assessment and risk assessment activities for complex environments. The role focuses on:

- Vulnerability assessment
- Penetration testing
- Infrastructure weakness analysis
- Cybersecurity risk assessment
- Threat hunting
- Maturity assessment
- Threat landscape analysis
- Technical reporting

Qualifications

- Bachelor’s degree in Computer Science, Computer Engineering or equivalent
- Intermediate level: at least 3 years of relevant professional experience
- Senior level: at least 6 years of relevant professional experience
- Experience in web application and network security testing
- Experience in vulnerability assessment and/or penetration testing
- Experience in infrastructure weakness analysis and technical reporting
- Knowledge of cybersecurity risk assessment, risk treatment and remediation recommendations
- Familiarity with threat hunting, threat landscape analysis, maturity assessment or risk scenarios
- Familiarity with recognised frameworks or methodologies such as MITRE ATT&CK, ISO/IEC 31000, OCTAVE, CSIRT maturity frameworks or equivalent will be considered an asset
- Very good command of English: B2 for Intermediate level, C1 for Senior level
- For Senior level: proven project management skills

Benefits

- Join a people-focused technology company with an international mindset
- Work on challenging projects for European clients and organisations
- Be part of a collaborative and supportive team environment
- Gain exposure to cybersecurity, technology and digital transformation projects
- Develop your skills through hands-on experience and continuous learning
- Work with experienced professionals across different business and technology domains
More Security Engineer Jobs
Information Security Lead
emerchantpay
We’re on a mission to create a global payment ecosystem that connects businesses and consumers everywhere.
Role Description

We are looking for an experienced Information Security Lead to own the design, implementation, and continuous improvement of information security across our cloud-native, DevOps-driven engineering environment, as well as our corporate IT and office infrastructure. The role combines hands-on technical delivery with security leadership.

- Define and maintain the information security strategy, standards, and roadmap, aligned to applicable regulations, rules, and security best practices.
- Steer security architecture across a cloud-native environment, defining secure-by-design patterns for microservices, APIs, and shared platform services.
- Establish and govern secure software development lifecycle (secure SDLC) practices, embedding automated security controls into CI/CD pipelines.
- Define and drive adoption of cloud security guardrails - identity, network segmentation, encryption, secrets management, and configuration baselines.
- Build and run security monitoring, logging, and threat detection across cloud, infrastructure, and application layers.
- Lead the security incident response lifecycle - preparation, detection, containment, eradication, recovery, and post-incident review - and act as incident commander for security events.
- Own vulnerability and threat management: scanning, risk-based prioritization, remediation tracking, and reporting across infrastructure, containers, and application code.
- Plan and coordinate penetration testing and offensive-security exercises (in-house or co-sourced) and drive findings to closure.
- Govern identity and access management, privileged access, and least-privilege principles across cloud and corporate systems.
- Define and oversee data protection controls - encryption, key management, data classification, and loss prevention - for sensitive and cardholder data.
- Secure corporate IT and office infrastructure, including endpoints, networks, and productivity and collaboration platforms.
- Partner with Engineering and DevOps teams to make the secure path the easy path, providing tooling, standards, threat modelling, and design reviews.
- Provide security input into architecture and change decisions, including the adoption of new technologies and third-party services.
- Run security awareness and phishing-resilience programs for technical and non-technical staff.
- Implement and evidence the technical security controls underpinning PCI DSS, ISO 27001, and SOC audits.
- Monitor the evolving threat landscape and emerging security technologies.
- Act as a key member of the internal security center of excellence and contribute to cross-functional security working groups.
- Build, lead, and mentor a small security team.
- Report security posture, key risks, and metrics.

Qualifications

- Bachelor’s or master’s degree in computer science, information security, or a related field, or equivalent practical experience.
- At least 10 years in information / cyber security, including a minimum of 2-3 years in a leadership role, with hands-on experience securing cloud-native environments at scale.
- Deep, practical public-cloud security knowledge (AWS strongly preferred): identity, networking, encryption, logging, and configuration management.
- Strong experience securing DevOps / CI/CD pipelines and modern microservices architectures - containers, APIs, and infrastructure-as-code.
- Working knowledge of application security and secure SDLC across modern programming languages and web frameworks.
- Hands-on experience with security operations, incident response, and vulnerability management.
- Solid understanding of security frameworks and compliance standards relevant to payments: ISO 27001, PCI DSS, SOC 2, and NIST CSF.
- Working AI security literacy, with hands-on use of AI-assisted security tooling (e.g., GenAI coding assistants, AI-augmented SAST/DAST and SIEM/SOC analytics) and a practical understanding of securing AI/LLM and agentic applications, including AWS AI services such as Amazon Bedrock and the OWASP Top 10 risks for LLMs (e.g., prompt injection and data leakage).
- Strong analytical and problem-solving ability, with high integrity and sound judgement.
- Excellent verbal and written communication skills, fluent English, and the ability to influence engineers with data, logic, and best practices.

Requirements

- Professional certification such as CISSP, CCSP, OSCP, AWS Security Specialty, or CISM.
- Experience in a payments, fintech, banking, or other regulated environment.
- Familiarity with operational-resilience expectations (e.g. DORA-style requirements).
- Experience standing up a security function.

Benefits

- Fast-growing payment company;
- Excellent working conditions, casual atmosphere, and state-of-the-art hardware;
- Modern, challenging, constantly growing business;
- Professional development - books, trainings, certifications, etc.;
- Team buildings and fun activities;
- 25 days paid holiday, 1 day for every 2 years with us;
- Fully distributed and remote.
Role Description

inventYOU is looking for Cybersecurity Incident Management Experts to support cybersecurity incident response and incident management activities for complex and critical environments. The role focuses on incident analysis, incident coordination, log analysis, forensic and artefact analysis, containment, recovery support and the development of incident response procedures and playbooks.

- Support cybersecurity incident analysis, triage and response activities.
- Perform log monitoring, log analysis and incident investigation.
- Support artefact and forensic evidence analysis.
- Contribute to root cause analysis and identification of affected systems.
- Support incident coordination, containment, eradication and recovery activities.
- Assist in the development or improvement of incident response procedures and playbooks.
- Prepare technical reports, findings, recommendations and lessons learned.

Qualifications

- Bachelor’s degree in Computer Science, Computer Engineering or equivalent.
- Intermediate level: at least 3 years of relevant professional experience.
- Senior level: at least 6 years of relevant professional experience.
- Experience in cybersecurity incident response and incident coordination.
- Experience in log monitoring, log analysis and incident investigation.
- Experience in artefact and forensic evidence analysis.
- Knowledge of incident triage, root cause analysis, containment, eradication and recovery activities.
- Familiarity with incident response procedures, reporting and playbooks.
- Good understanding of hardware, software and networking technologies.
- Experience with different environments such as servers, workstations, cloud, mobile, IoT or OT/ICS will be considered an asset.
- Very good command of English: B2 for Intermediate level, C1 for Senior level.

Benefits

- Join a people-focused technology company with an international mindset.
- Work on challenging projects for European clients and organisations.
- Be part of a collaborative and supportive team environment.
- Gain exposure to cybersecurity, technology and digital transformation projects.
- Develop your skills through hands-on experience and continuous learning.
- Work with experienced professionals across different business and technology domains.
IT Governance, Risk, and Compliance Manager
emerchantpay
We’re on a mission to create a global payment ecosystem that connects businesses and consumers everywhere.
Role Description

We are looking for an IT Governance, Risk, and Compliance Manager to provide oversight of our ICT and information security risk profile, ensuring those risks are identified, managed, and reported within the company's risk appetite, and that governance, risk management, compliance, and resilience are embedded into the way the company operates and grows. The role owns the integrated control framework, multi-standard certifications (ISO 27001, PCI DSS, and SOC), enterprise and third-party risk, business continuity, and key regulatory readiness programs - including the RBI licensing application in India, NIS 2, and the EU AI Act for AI governance and compliance - while acting as a trusted advisor to the Leadership Team. The role sits within the IT function and is part of the Risk Management and Oversight Committee. It works closely with Engineering, IT, Legal, Finance, and the wider business.

Responsibilities

- Define and maintain the information security strategy, standards, and roadmap, aligned to applicable regulations, rules, and security best practices.
- Steer security architecture across a cloud-native environment, defining secure-by-design patterns for microservices, APIs, and shared platform services.
- Establish and govern secure software development lifecycle (secure SDLC) practices, embedding automated security controls into CI/CD pipelines.
- Define and drive adoption of cloud security guardrails - identity, network segmentation, encryption, secrets management, and configuration baselines.
- Build and run security monitoring, logging, and threat detection across cloud, infrastructure, and application layers.
- Lead the security incident response lifecycle - preparation, detection, containment, eradication, recovery, and post-incident review - and act as incident commander for security events.
- Own vulnerability and threat management: scanning, risk-based prioritization, remediation tracking, and reporting across infrastructure, containers, and application code.
- Plan and coordinate penetration testing and offensive-security exercises (in-house or co-sourced) and drive findings to closure.
- Govern identity and access management, privileged access, and least-privilege principles across cloud and corporate systems.
- Define and oversee data protection controls - encryption, key management, data classification, and loss prevention - for sensitive and cardholder data.
- Secure corporate IT and office infrastructure, including endpoints, networks, and productivity and collaboration platforms.
- Partner with Engineering and DevOps teams to make the secure path the easy path, providing tooling, standards, threat modelling, and design reviews.
- Provide security input into architecture and change decisions, including the adoption of new technologies and third-party services.
- Run security awareness and phishing-resilience programs for technical and non-technical staff.
- Implement and evidence the technical security controls underpinning PCI DSS, ISO 27001, and SOC audits.
- Monitor the evolving threat landscape and emerging security technologies.
- Act as a key member of the internal security center of excellence and contribute to cross-functional security working groups.
- Build, lead, and mentor a small security team.
- Report security posture, key risks, and metrics.

Qualifications

- Bachelor’s or master’s degree in computer science, information security, or a related field, or equivalent practical experience.
- At least 10 years in information / cyber security, including a minimum of 2-3 years in a leadership role, with hands-on experience securing cloud-native environments at scale.
- Deep, practical public-cloud security knowledge (AWS strongly preferred): identity, networking, encryption, logging, and configuration management.
- Strong experience securing DevOps / CI/CD pipelines and modern microservices architectures - containers, APIs, and infrastructure-as-code.
- Working knowledge of application security and secure SDLC across modern programming languages and web frameworks.
- Hands-on experience with security operations, incident response, and vulnerability management.
- Solid understanding of security frameworks and compliance standards relevant to payments: ISO 27001, PCI DSS, SOC 2, and NIST CSF.
- Working AI security literacy, with hands-on use of AI-assisted security tooling (e.g., GenAI coding assistants, AI-augmented SAST/DAST and SIEM/SOC analytics) and a practical understanding of securing AI/LLM and agentic applications, including AWS AI services such as Amazon Bedrock and the OWASP Top 10 risks for LLMs (e.g., prompt injection and data leakage).
- Strong analytical and problem-solving ability, with high integrity and sound judgement.
- Excellent verbal and written communication skills, fluent English, and the ability to influence engineers with data, logic, and best practices.

Considered as an Advantage

- Professional certification such as CISSP, CCSP, OSCP, AWS Security Specialty, or CISM.
- Experience in a payments, fintech, banking, or other regulated environment.
- Familiarity with operational-resilience expectations (e.g. DORA-style requirements).
- Experience standing up a security function.

Benefits

- Fast-growing payment company;
- Excellent working conditions, casual atmosphere, and state-of-the-art hardware;
- Modern, challenging, constantly growing business;
- Professional development - books, trainings, certifications, etc.;
- Team buildings and fun activities;
- 25 days paid holiday, 1 day for every 2 years with us;
- Fully distributed and remote.
IT Cybersecurity Engineer - WebAppSec PCI
CommonSpirit Health
CommonSpirit Health is a nonprofit organization that is on a mission to improve people’s health while making “the healing presence of God known.” The orga
Role Description

The Cybersecurity Engineer WebAppSec position supports the Attack Surface Management (ASM) program for CommonSpirit Health. This program provides web application security services, performs technical security assessment services, maintains WebAppSec security systems and workflows, and provides engagement and reporting services on specific and systemic security vulnerability and configuration issues for the enterprise. The Cybersecurity Engineer will report to the Manager, WebAppSec, as part of the overall Cyber Vigilance and Defence group, focused on identifying, protecting, responding and containing threats and vulnerabilities to the overall CommonSpirit organization. The Cybersecurity Engineer performs web application security services related to PCI compliance such as:

- Payment scripts monitoring
- Web application security scans
- Activities to identify CommonSpirit systems, applications, services, and repositories available on the Internet
- Assessing system and application weaknesses, misconfigurations, or other flaws in operating systems, network devices, web applications, or other technologies that could lead to security compromises
- Identifying gaps in current control states

Monitors the threat and vulnerability landscape and changing business requirements to identify functional, technological and/or control solutions. Develops, integrates, and maintains WebAppSec tools and platforms. Integrates all cybersecurity solutions in an optimal manner to best discover and protect the organization from cyber threats and exposures. May drive one or more projects, acts as a subject matter expert (SME) for one or more discovery or scanning methods, tools, and target environments. Develops and maintains operational security processes, and assists in the remediation of the identified issues. May act as team-lead for other security personnel.

Job Responsibilities

- Designs, develops, and implements new discovery and assessment solutions to integrate into and test within existing or newly defined architectures.
- Provide support on team related engagements with Security Engineering, Identity Management Engineering, Security Architecture, SOC, Network Engineering, Clinical Engineering, Systems Engineering, Application Development, and/or other IT Operations and business function owners.
- Act as a security advocate for IT Operations team’s adherence to CommonSpirit Health policies, security standards and requirements, and industry best practices.
- Manage workload, prioritizing tasks and documenting time, and other duties as directed by management.
- Pursue continuing education to grow and maintain knowledge of best practices, compliance requirements, attack surface discovery methodologies, vulnerabilities, threats and trends in information security, translating into operational action items, policies, procedures, standards and guidelines as part of the IT Security team.
- Participate in the collection and documentation of departmental knowledge artifacts, participate in the development and population of knowledge management and collaboration systems for the IT Security team.
- Communicates security and technical information to team members and across the IT Organization.
- Assists Management in identifying knowledge, process, and technology gaps.
- Provide service line support for web application security for PCI compliance.
- Create and manage crawling / scanning assessments and workflows, implement and manage script monitoring technologies and services, including alerting and remediation engagement (PCI DSS v4 6.4.3 and 11.6.1), in order to safeguard payment processing applications against fraud and breaches.
- Partner with web application development groups to analyze and remediate security concerns within payment pages.
- Provide service line support for dynamic application security testing services and remediation engagement.
- Perform reviews and analysis of system and applications vulnerabilities and configurations, and support Security technical Risk Management processes.
- Proactively identify, engage on, and escalate vulnerability and configuration issues, either system/application specific or systemic. Lead specific engagement and remediation efforts.
- Designs, develops, configures, and implements solutions to resolve intermediate technical and business issues related to information security.
- Reviews and consults on security of technology solutions to resolve intermediate to high technical and business issues.
- Provides support and works on multiple functions of intermediate to high complexity.
- Serves as SME for one or more web application security platforms and services.

Qualifications

- Bachelor's Degree or 4 years of equivalent experience may be considered in lieu of Bachelor's degree.
- 2-3 years job related experience required, specifically conducting application security testing or related activity on a multiple set of target types.

Requirements

- Bachelor's in a related field and 3-4 years experience, upon hire.
