Description

We are looking for a cybersecurity and business process security expert for the Cyber Security Expertise Management team.

Responsibilities

Your tasks will include:

• interaction with IT support teams, business analysts, developers, and product owners, providing cybersecurity consultations
• preparation of cybersecurity requirements (both conceptual and detailed) for new automated systems, technologies, processes, products
• analysis of conceptual architectures for projects on development and modification of automated systems
• expertise of changes implemented in the bank's business processes, products, services for cybersecurity threats, selection of adequate and optimal protection measures
• participation in acceptance testing of banking systems and products, audits
• participation in preparing recommendations and proposals for changes to the bank's processes and regulatory documents.

To perform duties qualitatively, you must be able to:

• form a firm position on cybersecurity issues regarding identified threats
• assess the risks of changes implemented in the bank's business processes, products, and services
• model cybersecurity threats
• write informational reports on identified software vulnerabilities and business process deficiencies.

Requirements

What is important for us:

• higher technical education in information security or information technology
• knowledge of security standards and legislation: CTO BR IBBS, PCI DSS, 395-FZ, 63-FZ, 152-FZ, etc.
• 3-5 years of relevant work experience
• understanding of Agile principles, software development process specifics, DevOps/DevSecOps practices
• understanding of network architecture, automated system architecture patterns, understanding of microservices-based application implementation principles
• knowledge of web service operation principles, implementation of three-tier client-server architecture
• familiarity with secure application design practices and principles (security by design, least privilege, zero trust, etc.)
• knowledge and deep understanding of application protocols and integration mechanisms, specifics of virtualization and orchestration of Docker and Kubernetes
• understanding of web application vulnerabilities (including OWASP TOP 10) and understanding of their mitigation mechanisms
• knowledge of authentication, authorization protocols, principles of message validation and request sanitization
• deep understanding of PKI concepts and architectures, specifics of different types of digital signatures, nuances of using security and cryptographic protection tools.

Additional advantages are:

• work experience in a system integrator, federal regulatory body, cybersecurity department of a financial organization
• understanding of the roles and functions of participants in the global financial market, banking industry, specifics of remote banking and foreign economic activity
• understanding of financial instruments specifics, accounting procedures
• experience in designing and supporting cybersecurity systems, integrating security tools into existing automated systems
• proficiency in security assessment and pentest tools
• experience using GigaChat, Kandinsky and similar in products, skills in creating and using AI-agents and multi-agent systems.

Conditions

We offer:

• comfortable modern office
• office work format
• annual salary review, annual bonus
• corporate gym and relaxation areas
• more than 400 training programs from SberUniversity for professional and career development
• adaptation program and manager assistance at the start
• extended voluntary health insurance, preferential insurance for family and corporate pension program
• flexible mortgage loan discount equal to 1/3 of the Central Bank's key rate
• free SberPrime+ subscription, discounts on partner company products
• referral bonus for recommending friends to the Sber team.