je.st

Home › security

Tag: security

Information Security Analyst

2021-03-31 16:12:45| Space-careers.com Jobs RSS

DLR GfR mbH is a company providing reliable, safe and secure aerospace services. We operate and manage the constellation of Galileo satellites in the Galileo Control Center Oberpfaffenhofen on behalf of the European Commission. Our company headquarters is located in an area widely known as a holiday destination the fivelakes region in Upper Bavaria near Munich. At the space industry location in Oberpfaffenhofen, our around 230 employees work every day in international and interdisciplinary teams on the navigation for the future. Become a part of us! Inside of the Security Department we offer the following career option Information Security Analyst fmd Reference No. 210331 YOUR MISSION The Cyber Security group within DLR GfR mbH is responsible for the security of Galileo IT applications. As Information Security Analyst for the Galileo project you are responsible within the Cyber Security Department for the regular analysis of security risks according to the requirements of the Galileo client European GNSS Agency as well as the verification of the implementation of adequate security measures and also support security audits. Your responsibilities include Independent monitoring and analysis of the regularly running procedures and applications in information security, such as access protection, encryption, configuration control, vulnerability analysis, malware detection, database activities and verification of implementation focus on the Galileo networks and systems review and analysis of event logs to detect anomalies in the local security environment and harmful activities in the Galileo local system development of proposals for dealing with them identification of potential threats to information and communication systems by evaluating the results of technical monitoring tools, in conjunction with local and global risk analyses in the Galileo system Support in the evaluation and reporting of forensic investigations Processing the security risk register, with a focus on the Galileo project Regular internal audits of the Galileo security environment, recording of measures and followup Development of training materials and regular training of project staff in connection with security incident response methodologies Regular reporting to the SiteInfosec team, rapid escalation in the event of a concrete threat situation in the IT area Regular review and documentation of the system against the security requirements defined by the customer Responsible for regularly checking security relevant logs locally and remotely YOUR QUALIFICATION Completed Bachelors degree in computer science or comparable education Many years of experience in the IT sector Many years of professional experience in the security industry Knowledge of national legal requirements as well as international standards in information security e.g. secrecy protection in the economy BMWi, NIST, ISO 27001, etc. Practical knowledge of technologies and common threats in network security Readiness for safety inspection according to SG Business fluent German and English, written and spoken Confidentiality and reliability OUR OFFER Collaboration in the European lighthouse project Galileo Trusting and appreciative cooperation in an international environment International team spirit 30 days annual leave Additional days off on 24.12., 31.12. and Shrove Tuesday WorkLifeBalance e.g. through flexible working time models and mobile office options Child care for children from 1 to 3 years Varied personnel development program Individual career options for example through secondments to partner agencies enterprises abroad Employerfinanced retirement plan Attractive location with a high recreational value in the fivelakes region near Munich And much more ... CONTACT We have aroused your interest but you still have questions about the position? Then please contact us at recruitingdlrgfr.com!

Tags: information security analyst information security

A beginners guide to cloud security management

2021-03-30 19:34:31| The Webmail Blog

A beginners guide to cloud security management nellmarie.colman Tue, 03/30/2021 - 12:34 Cyber criminals are on the never-ending hunt for data anything they can steal and sell, exploit or hold for ransom. From small businesses to the largest enterprises, everyones data is a target. So its important for you to protect your data, with a layered, defense-in-depth approach. You might already be familiar with how to protect your data in a traditional, on-premises environment such as by restricting admin and user access, using properly configured firewalls and running anti-malware software. But how does data security work in a complex cloud environment? In this guide, well answer these questions, look into best practices for cloud security management and discuss how security experts can help along the journey. What is cloud security? Cloud security has the same goal as traditional on-premises security: keeping your valuable data safe. It involves procedures and technologies designed to protect your cloud environment against both internal and external threats to your most sensitive business-critical infrastructure. What is different about cloud security? When comparing on-premises security and cloud security, the main differentiator is the nature of the cloud. The cloud isnt in your data center or at your office, where you can control it. Its in an intangible place that you cant necessarily touch or fully control. As a result, you cant apply your traditional, standard infrastructure controls or enterprise tool sets, as you can with on-premises. With on-prem, you plug in a server, hook it up, and it immediately inherits all of the firewalls, IPs and rule sets you already have running in your environment. In the cloud, you turn a new system on, and it adopts none of those historical protections. This means you must build security at the forefront because once your cloud infrastructure is on, its open to the world. But once youve integrated cloud native tool sets and solutions, you can gain visibility that goes beyond what legacy security provides. Cloud native security solutions enable you to monitor network flow, identify vulnerabilities, integrate threat intelligence and even implement AI learning around your cloud infrastructure and systems. What is cloud security management? Cloud security management is similar to the model for on-premises security management. It's about understanding what security controls you have in place and how you're securing your environment, systems and data and what you have to do, from a management standpoint, to maintain that visibility. For example, every time you spin up a new instance in the cloud, you need to make sure you push the correct agents and that it has the right policies assigned to it. You need to be sure the controls youve already engineered and architected are in place. Cloud security is quite a bit easier than traditional models, since assuming youre using the cloud correctly you can automate many of the requirements and workflows. For example, in the past, IT may have set up a new server, and perhaps they didnt install any of the agents. You might not notice until sometime later. But in the cloud, you can automate the whole process and specify installations, instead of relying on human workloads or trial-and-error. How do you manage security in the cloud? To protect your data, you need to take the keys to your data and lock them away such that an adversary would need to break through layer after layer of protection to get to those keys. Cyber criminals look for vulnerable systems and data, so make it difficult for them. Rule of least privilege The baseline, number-one thing that everyone should do whether youre talking about cloud, on-premises or even a single-instance computer running in your office is implement the rule of least privilege. Basically, if the system doesnt need to do something, dont allow it to. For example, if you have a server thats just processing information in a SQL database, dont install a web browser. That kind of deny-by-default approach alone can remove many common attack vectors. Each time you can eliminate a way for the bad guys to get in or out, youve given a huge boost to your security, with minimal effort and cost. Zero trust Likewise, if a person within your organization doesnt need access, dont give them access. Take a zero-trust approach inside and outside your organization. Trust no one. For example, say you have a house with a door, and that door has a lock. Your security is the lock on that front door. You give people you trust keys to your front door. You dont trust anyone outside the front door, and you trust everyone inside. Thats how traditional perimeter security works. But lets say youre in the house with those people you trust, but one person goes into your bedroom and is there for 20 minutes. You start wondering, what is that person up to? So you start monitoring their activity and discover theyre stealing your valuables. So, although you need the lock on the front door, you need monitoring, validating and checking within your house as well, preferably focused on areas that are most critical. Thats what zero trust security looks like. You trust nothing and nobody, at any time, and you make it very difficult for someone to do something they shouldnt be doing. Patching The world is terrible at patching. Most of the major data breaches in the last two decades, not related to zero-day exploits, have been because someone failed to apply a critical patch in a reasonable amount of time. Many recent breaches were caused because patches were ignored for years. Using free, open-source tools online, almost anyone can get into your system and compromise it when it is left without these critical updates. Bottom line: Staying up to date with your patches is a powerful way to manage risk in the cloud. Cloud native security solutions can help by notifying you of outdated systems and reporting on the specifics, so you can keep them up to date. Cloud security management with Rackspace Technology When it comes to cloud security management, you dont have to go it alone. Rackspace Technology can partner with you to address every element of your security journey and take the weight off of your in-house team so they can focus on more strategic initiatives. Through our experience across thousands of clients and our extensive partner ecosystem, we can help you define and implement a cloud security strategy designed to keep your business safe. Do you know your current cybersecurity risk score? Take our 15-question self-assessment today. Then take advantage of a professional consultation with one of our cloud experts who will review your results and offer best-practice recommendations on how to address any identified security gaps. A beginners guide to cloud security managementDiscover the differences between cloud security and traditional on-premises security, as well as best practices for keeping your data safe in the cloud.Discover your cybersecurity risk score./lp/cybersecurity-risk-self-assessmentTake the assessment

Tags: guide management security cloud

Security officer

2021-03-29 19:11:37| Space-careers.com Jobs RSS

WHO ARE WE? GMV GmbH is a German company, being part of GMV, a global technology group in Space, Defense, ICT and Intelligent Transport Systems employing 2300 staff. Our activities in Germany are related to hightech aerospace projects, space operations, ground systems, mission analysis, navigation and flight dynamics. GMV GmbH also specializes in software and hardware systems for simulation, emulation, 3D visualization and operations support. We are headquartered in Oberpfaffenhofen near Munich and have offices in Darmstadt. At GMV GmbH you will find a unique work environment that requires talent, imagination and personal effort. We are an international team bound together by the passion for challenge, innovation, technology and customer service. Having the best professionals on board is the true source of our competitive advantage. We recruit excellent engineers and encourage innovation, technical excellence and continuing education. Were an international and innovative engineering company. JOB DESCRIPTION Responsibilities Duties Tasks Join our team full of talent and creativity where you will perform the necessary coordination with projects particularly in Germany to facilitate personal security clearances PSC and facility security clearances FSC to EUSECRET level. Two new facilities in 2021 and 2022 to be certified. Qualifications BSc or MSc in any related discipline Required knowledge If you want this position to be yours, we would like you to have the following knowledgeexperience Excellent command of spoken and written German for communication with German authorities, English for internal communication. Ability to work with government compliance requirements and information. Prior knowledge of personal security clearances PSC and facility security clearances FSC to EUSECRET level in Germany WHAT DO WE OFFER? The possibility to work in an international team, with innovative projects. We also give you the chance to develop your career in our work centers around Europe, USA and Asia. Professional Career Development. We help you directing your career, starting from a technical base, passing through the team and project management, the technical expertise or the commercial area, keeping contact with our clients. Its up to you! Access to the companys training program. You can acquire and sharpen your knowledge in the technologies we use, as well as your language skills. Social benefits. Flexible working schedule. Possibility to participate in team activities and sports competitions with us. Private medical insurance. If you would like to work in an interesting, fun, fastpaced, challenging, diverse and global company which is growing rapidly, please send us your resume to jobsgmv.com For more information about GMV GmbH, please visit our website at www.gmv.com and our positions at www.gmv.comenEmploymentVacancies

Tags: security officer security officer officer security

Junior System IT administrator and security

2021-03-25 11:12:02| Space-careers.com Jobs RSS

Deadline to apply 9th April With 2.100 employees worldwide, the CS Group is a leading IT company in France and Germany, and a prime contractor in designing, integrating and operating mission critical systems. It has now been over 30 years that comprehensive CS Group solutions for space systems and applications, both on the ground and in space, have been part and parcel of this odyssey. Our German activities are growing at a fast pace and to meet our customers highlevel expectations and needs, we are looking for a talented individual in the area of IT administration. Responsibilities Duties Tasks Our subsidiary CS GmbH, located in Darmstadt, is looking for an IT administrator. You will be assigned to the maintenance and evolution of the IT infrastructure supporting our backoffice projects. You will report directly to the Information System Manager of CS GmbH. This activity includes, among others Management and administration of IT. Preparation of account, access, mastering computers. Monitoring of the IT infrastructure. Assessing future evolution to fulfil the needs of the projects. Onsite support for our customers. Requirements You will have at least a BSc. in Computer Science Engineer, or equivalent. You will be motivated to start working in the field of IT administration and security with a focus on Virtualisation. You may have just finished your degree or have a years experience in this field, but primarily you will be motivated, able to take responsibility, organised, able to communicate well in a multi discipline team and to different nationalities, quick to learn new technologies and happy to work both independently and within a team. You will need be proficient in the English language as the majority of our business is conducted in English.. Required technical skills You will be able to demonstrate a good all round knowledge in the following areas system IT administration cybersecurity, system security best practices virtualisation VMware, ESXi, Vcenter server and NAS storage administration network management DHCP, DNS, VPN LinuxWindows OS. Nicetohave technical skills If you can demonstrate a solid knowledge in the following skills this will be a plus! scripting language e.g., Bash, Python Docker, Kubernetes CICD Jira, Jenkins, GitLab configuration management such as SVN GIT cluster management as HTCondor or similar We look forward to hearing from you!

Tags: system security junior administrator