Cybersecurity Engineer

2 weeks ago


Iztapalapa, Ciudad de México L'Oréal Full-time

For more than a century, L'Oréal has devoted its energy, innovation, and scientific excellence solely to one business: Beauty. Our goal is to offer every person around the world the best of beauty in terms of quality, efficacy, safety, sincerity and responsibility to satisfy all beauty needs and desires in their infinite diversity.

At L'Oréal, our IT teams design and build solutions to ensure high performance for all our business sectors by imagining new ways of doing things, from designing websites to building algorithms and predicting new trends. They can be found leading teams towards a more connected and digitalized future in IT retail, e-commerce, CRM, data, AI, cybersecurity, Cloud and E-Marketing. You never stop learning at L'Oréal IT because things change at the speed of light. Come join our dynamic team.

Role Requirements
Knowledge and experience in architecture, design, engineering, implementation, and operation of information security systems, including infrastructure and cloud security, data loss prevention, web and application security, network and data security, intrusion and endpoint protection, security event management, and governance, risk, and compliance.

Role Responsibilities
Responsible for corporate cybersecurity tasks and projects, including development and management of security strategies, policies, and disaster recovery procedures for private and public cloud infrastructures, network and security operation centers, datacenters, networks, and remote sites.

Specialize in information security procedures and processes design, security assurance and risk analysis, network vulnerability assessment, penetration testing, incident handling, and response management.

Design security solutions protecting business from external and internal malicious intrusions, including leaks of confidential information, cyber-theft of intellectual property: patents, copyrights, and trademarks, and business interruption: denial of service, loss of service availability, intrusions, and malicious code infections.

Provide custom solutions architecture, security engineering services, IP network designs, network implementations, project management, and capacity planning for large network and security projects.

Practical knowledge of standards: NIST, PCI-DSS, ISO, OWASP, SOC, SOX, HIPAA, GDPR, SDLC

Required Education
BS or higher degree in Computer Science, Information Security, or equivalent experience

One or more professional security certifications: CISSP, CCSP, CISM, CISA, CEH, ECSA, CySA+

Knowledge of Technologies, Protocols, and Cloud Platforms
AWS: VPC, SG, NACL, Security Hub, Trusted Advisor, Shield, Inspector, KMS, SSE, CloudWatch, GuardDuty

Azure: VNET, NSG, ASG, AD IAM, SQL Encryption, Key Vault, Application Gateway, Security Center

GCP: Security Command Center, VPC Service Control

Proxies / Firewalls / Gateways: Zscaler, PaloAlto, Fortinet, Apigee, CA Layer7

Analyzers / Scanners: AlgoSec, FireEye, Tufin, Splunk, Rapid7, Nessus, Snort, Netcat, Netmap

Communication and Authentication: IPSec, TLS/SSL, Cisco ISE, CyberArk, SSO, MFA, SAML, OAuth, REST API, OIDC, PKI (CA)

Candidate Evaluation Criteria
Must prove understanding of architectural design and common security vulnerabilities.

A commitment to the crucial concept of promoting security as an enabler and not an inhibitor of business.

Contribute to building and managing enterprise architecture, governance, and compliance programs.

Strong organization, prioritization, rationalization, and analytics skills

An ability to cultivate and build collaborative working relationships with a broad range of enterprise stakeholders.

A well-developed understanding of and appreciation for business needs and a commitment to leading the information risk management team in delivering high-quality, prompt, and efficient service to the business.

A well-developed understanding of and appreciation for organizational mission, values, and goals, and a consistent architecture of this knowledge.

An ability to communicate complex and technical issues to diverse audiences.

Deep and thorough knowledge of advanced enterprise-level architecture security standards, techniques, and tools.

Ability to assess code security vulnerabilities, implement security measures, and mitigate controls.