/

Chief Product Cybersecurity Engineer

Worldwide, Remote

The Chief Product Cybersecurity Engineer is responsible for implementing processes and policies across the organization to ensure that systems are protected from security threats and for ensuring that our products and the underlying systems and infrastructure are protected from security threats. 

Responsibilities 

  • Set the ground for our information security system. 

  • Carry out security assessments, penetration testing, and auditing of our software and systems. Run code analysis and vulnerability scanning tools. 

  • Perform risk assessment and business continuity planning to ensure that business-critical systems can be recovered in case of an IT system failure, disaster, or attack. 

  • Identify threats and develop suitable defense measures. 

  • Draft cyber security white papers, collaborating with the technical writer team. 

  • In collaboration with our professional services and support staff assist our customers who are looking to secure their log management infrastructure and rely on NXLog products. 

  • Implement and install solutions to monitor networks and servers employing various security solutions for centralized logging, intrusion detection, anti-malware, EDR, etc. 

  • Assist with the installation and configuration of network security architectures, including firewalls, Demilitarized Zones (DMZ), routers, VPNs, proxies, content filters, etc. 

  • Manage and lead security incident response efforts. 

  • Implement security awareness training for employees. 

  • Propose security improvements and corrective actions in tools, systems, and development processes. 

  • Work with product management and developer teams to ensure that our products and development processes are secure. 

  • Work with the product marketing team to produce material and documents that can showcase the benefits of NXLog products from a cybersecurity perspective.  

  • Design and implement access control, single-sign-on, and appropriate identity and access management systems. 

  • Work with the DevOps and Web developer teams to ensure that internet-facing services (e.g. website, support ticketing system) are secure and resilient. 

  • Collaborate with the DevOps and developer teams in creating a secure software development process and CI/CD pipeline that is resilient against a supply-chain attack. 

  • Get our products certified with vendors and security standards. Work with third-party security assessment companies to execute vulnerability scanning, source code analysis, or penetration testing. 

  • Assist with achieving compliance with certain information security standards (e.g. ISO 27000) by creating a set of documents, developing the implementation plan, coordinating the efforts related to data protection, and preparing for an external audit and achieving cyber security accreditation for both our on-premises and cloud-hosted SaaS offerings.  

Requirements

  • University degree in business administration or a technology-related field. 

  • Professional security management certifications/experience. 

  • Minimum of 5 years of experience in a combination of risk management, information security, or any related IT role. 

  • Experiences in managing complex IT environments, IT architecture, IT security, IT compliance, or any other related governance function. 

  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST. 

  • Good understanding of cryptography, SSL/TLS, and PKI. 

  • Knowledge of cloud platforms (AWS, Azure, GCP) and operating systems (Linux, Windows, Mac). 

  • Innovative thinking and leadership with an ability to work with and motivate cross-functional, interdisciplinary teams. 

  • Experience with contract and vendor negotiations and management including managed services. 

  • Working experience with a focus on cyber security governance or operations, Metrics, KPIs, risk management, policy setting, or equivalent. 

  • Capabilities for data analysis, data visualization, automation, and comprehensive understanding of the evolving threat landscape. 

  • Passion to deliver an exceptional level of achievement. 

  • Strong drive to achieve results with minimal supervision. 

  • Competencies: strong time management skills, ability to multi-task and prioritize in a fast-paced environment, strong organizational skills, get things done, drive things forward, proactive and innovative approach, strong communication, interpersonal, and negotiation skills 

  • Competencies for remote work: self-governance, autonomy (motivation and proactiveness), intercultural communication, collaboration, adoption of remote communication tools, discipline, reliability, self-motivation, self-advocacy, and flexibility 

  • Language: Fluent English skills (oral and written)  

  • IT knowledge: advanced level of MS Office knowledge, remote communication tools.