Monitoring the effectiveness and implementing measures to improve the information security management system in accordance with ISO/IEC 27001 recommendations and the legislation of the Republic of Belarus.
Ensuring compliance of the company’s ISMS with the requirements of ISO 2700.
Organizing the company’s external audit to confirm compliance with the standard’s requirements.
Ensuring effective communication with company divisions on information security issues in project activities, as well as other matters within the department’s purview.
Developing and preparing for approval policies, regulations, projects, methodological materials, and other documents regulating information protection and information security.
Education: information security or information (computer) security, or standardization and certification.
Basic knowledge of network infrastructure, network hardware and software, and information security tools.
Writing information security documentation—policies, instructions, and regulations.
Working with regulatory documents and local laws.
Information security certifications and courses are desirable.
Auditing and investigating information security incidents.
Collecting, analyzing, and formalizing functional and non-functional requirements.
Designing and maintaining up-to-date technical documentation (API specifications, mappings, databases, usage guides) in Swagger, Confluence, and Word.
Visualizing business processes using BPMN, UML, and other modeling notations.
UI prototyping in Axure/Figma.
Optimizing existing business processes and task implementation methods.
Consulting a team of developers, business analysts, and testers during the implementation and support of projects to create and develop the company’s products.
Experience in banking is required (with banking software).
Experience and knowledge of the specifics of running applications on web and mobile platforms.
Understanding of integrations using web services.
Understanding of database and SQL fundamentals.
Familiarity with APIs.
Deployment of a SIEM system, configuration and administration, integration of event sources, maintenance.
Monitoring and analysis of information security events, assessment of new threats and development of correlation rules based on them.
Participation in incident investigations, preparation of security reports.
Collaboration with other teams (IT) and participation in security planning.
Experience with SIEM solutions from 1 year.
Knowledge and understanding of the fundamental principles of network and virtual infrastructure design and operation, as well as security protocols and technologies (TCP/IP, VPN, IDS/IPS, Firewall, etc.).
Understanding of information security fundamentals, types of threats and vulnerabilities, and methods and techniques of cyberattacks. Knowledge of logging, analysis, and event monitoring principles.
Knowledge of programming and scripting languages (Python, PowerShell, Bash) for task automation and custom report creation.
Developing the server side of the module.
Maintaining product functionality.
Participating in functionality refinement, code optimization, and refactoring.
Over 2 years of experience with PL/SQL.
Experience in code optimization (GIT, Oracle APEX).
Experience reading other people’s code and restoring logic from existing code.
SQL knowledge (DML, DDL, TCL, DCL): ability to write complex queries, use various SQL operators and functions to retrieve data from the database and modify data.
PL/SQL knowledge: basic constructs and capabilities of the PL/SQL language, including procedures, functions, triggers, packages, and cursors.
Experience in developing and maintaining banking software using similar technologies.
Custom software development, including process development using BPMN on the Camunda platform.
Proposing optimal task implementation methods and development tools.
Software maintenance.
At least 2 years of commercial development experience.
Experience with Java or a Java-like programming language.
Knowledge of modern BPM process design patterns, domain models, and API methods, and successful application experience.
Experience with microservices.
Experience with databases (SQL, NoSQL).
Experience with BPMN, Camunda, REST, OpenAPI 3.0/Swagger, and Postman.
Understanding of SOLID principles.
Groovy/Javascript.
Spring Framework (Core/AOP/REST/MVC/Data/Security).
At least 2 years of experience working with banking products.
Task detailing and estimation.
Artifact review (specifications, code, versions).
Providing consulting services as an expert on assigned issues.
Creating and monitoring tasks for product technical debt.
Software development in accordance with customer requirements.
Proficiency in Java (versions 11–21) with at least 4 years of commercial development experience.
Experience with microservices.
Experience with the Spring Framework (Boot/MVC/Data/Security).
Experience with relational databases (Oracle, PostgreSQL).
A deep understanding of the Java programming language.
Understanding of SOLID principles.
BPMN, Camunda, Groovy/Javascript, OpenAPI 3.0/Swagger, REST.
Working experience with Docker and Kubernetes.
Conducting full testing of web applications (company R&D projects).
Compiling and updating test documentation.
Preparing test reports.
Knowledge of the software development lifecycle and the role of testing within it.
At least 1.5 years of experience testing web/mobile applications.
Knowledge of mobile-specific tests.
Experience using traffic analyzers (Fiddler, Charles).
Understanding of client-server architecture principles.
Experience writing test documentation.
Experience testing APIs (Postman).
Basic knowledge of SQL queries.
Knowledge of App Store Review Guidelines and iOS Human Interface Guidelines.
Android standards for navigation and design.