About the job CIS Security Engineer
Syffer is an all-inclusive consulting company focused on talent, tech and innovation. We exist to elevate companies and humans all around the world, making change, from the inside to the outside.
We believe that technology + human kindness positively impacts every community around the world. Our approach is simple, we see a world without borders, and believe in equal opportunities. We are guided by our core principles of spreading positivity, good energy and promote equality and care for others.
Our hiring process is unique! People are selected by their value, education, talent and personality. We dont present ethnicity, religion, national origin, age, gender, sexual orientation or identity.
Its time to burst the bubble, and we will do it together!
What You'll do:
- Support the definition, design, procurement/development, and implementation of secure Communications and Information Systems (CIS);
- Ensure compliance with CIS security accreditation policies and maintain appropriate security risk levels;
- Conduct and document security risk assessments and policy compliance to support system accreditation;
- Collaborate with the CTO's CIS Planning and Implementation Authority (CISPIA) to deliver secure CIS solutions aligned with organizational guidance;
- Integrate cybersecurity measures throughout the full system lifecycle (from design to operation);
- Represent the organization in CIS security governance forums and stakeholder engagements;
- Develop and manage required security accreditation documentation, including:
- CIS Description
- Security Accreditation Plan (SAP)
- Security Risk Assessment (SRA)
- Security Requirement Statements (SRSt)
- Security Operating Procedures (SecOPs)
- Security Test & Verification Plan (STVP)
- Security Test & Verification Report (STVR)
- Mostly on-site job;
Who You Are:
- Bachelor's degree in a relevant field + minimum 4 years of related experience or no degree, but at least 8 years of extensive, progressive relevant experience;
- At least 4 years of experience in:
- Cybersecurity principles, technologies, and best practices
- CIS security controls (traditional and cloud environments)
- Designing, implementing, testing, and validating security components
- Conducting security risk assessments and supporting accreditation processes
- Identifying threats, vulnerabilities, and residual risks with mitigation recommendations
- Supporting security accreditation in large-scale CIS projects
- Using risk assessment methodologies and tools
- Strong understanding of cybersecurity domains, including:
- Boundary protection
- Encryption
- Identity & access management
- Monitoring & detection
- Incident response
- Vulnerability assessment
- Risk management
- In depth knowledge of:
- CIS security principles
- Networking
- Vulnerabilities in modern operating systems and applications
- Experience in:
- Writing and enforcing security policies and procedures
- Compliance audits (e.g., ISO 27001, NIST 800-53, GDPR)
- Governance, Risk, and Compliance (GRC)
- Strong communication and technical writing skills;
Nice to have:
- CISA (Certified Information Systems Auditor)
- CISSP (Certified Information Systems Security Professional)
What you'll get:
- Wage according to candidate's professional experience;
- Remote Work whenever possible;
- Delivery of work equipment adjusted to the performance of functions;
- Benefits plan;
- And others.
Work together with expert teams on projects of large magnitude and intensity, long term together with our clients, all leaders in their industries.
Are you ready to step into a diverse and inclusive world with us?
Together we will promote uniquess!