Information Security Engineer

Lviv
Engineering – Back-end
Full time, permanent contract
About the project:
The goal of Keepit is to provide data management and monitoring solutions that brings value for all. We will reach this goal by developing our products making them the simplest on the market, requiring the least effort from you as a user to enjoy. Our motto is “Less is More” or “Keep it Simple”.

Keepit is a cloud-to-cloud backup company offering customers the assurance of a third party independent backup of their critical business data when moving to the cloud. Maintaining confidentiality, integrity and availability of customer data backup sets is key to our continued success.
 
As the business is growing so is the effort required to design, implement, execute, review and refine security practices throughout the organisation.
 
Documentation, third party auditing and certification are important work areas as they allow our organisation to continuously improve and they provide our global customer base assurance that our company and our service can be trusted to look after the most important data of our customers.
 
As an Information Security Engineer your main areas of work will be assisting the existing team with:
 1) Clarifying security postures to partners and larger customers
 2) Implementing, executing, reviewing and refining security practices
   and procedures
 3) Contributing documentation eventually leading to ISO27001 certification
 4) Third party audits, penetration tests as well as internal audits
 5) Risk assessment work based on NIST SP800-30
 
You need to have a good understanding of information security in general and a reasonably strong technical foundation to understand the threats, risks and mitigations that can apply to building and operating a cloud service trusted to hold the data of customers across the planet.
 
You are able to find, read and understand regulatory and legal texts and compare our solution and our security posture to requirements in such texts. Such comparisons can form the basis for changes in product, processes or contracts with customers.
 
You understand the difference between "risk management" and "risk avoidance".
 
You have sufficient technical insight to read and understand the Turing Award paper "Reflections on Trusting Trust" and you can see how this is relevant in a broader setting in todays connected world.
 
Desired skills are:
1) Excellent communication skills; the ability to clearly state a message to a broad audience
2) Pragmatism; we work in the real world
3) Good understanding of risk management
4) Good understanding of information security
5) Sufficient technical foundation to understand larger internet-based systems
6) Good written and spoken English 
7) Attention to detail
 
Bonus skills are:
1) Experience bridging policy and implementation
2) Experience in software development
3) Experience managing Linux systems
4) Working knowledge of git and LaTeX
5) Even more attention to detail
 
We are looking for a dedicated individual with potential - long industry experience is nice but not a requirement.
We offer:
An exciting and challenging job in a successful business. Our culture is characterized by a positive tone, commitment and result-oriented professionalism, heavily influenced by excitement for what we do.
Unique working environment where your opinion matters
Competitive salary
Career and professional growth
Long-term employment with 20 working-days paid vacation and other social benefits
State of the art, cool, centrally located offices with warm atmosphere which creates really good working conditions