Red hat Senior Information Security Analyst - Red 

Czechia, Southeast, Brno 

125458616

The position is allocated to Brno Office in the Czech Republic.

What you will do

• Ensure systems and architectures are compliant with the company’s Information Security Operating Guidelines and Enterprise Security Standard. Perform security reviews, identify gaps in security architecture, and develop remediation plans.

• Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment. Determine the security controls- that are required for information systems and networks to operate securely.

• Evaluate security architectures and designs for Software as a Service (SaaS) to determine the adequacy of security design and architecture proposed or provided in response to procurement requirements. Provide input on security requirements to be included in statements of work and other appropriate procurement documents.

• Develop and maintain relevant security policies, standards, and guidelines to address evolving security threats, best practices, and business needs.

• Develop and maintain positive working partnerships with stakeholders to maximize security outcomes while meeting business needs.

What you will bring

• Proven history of working in a position of trust.

• Ability to work as part of a globally distributed team using multiple communication methods to facilitate collaboration (e.g., chat, voice, video, email).

• Excellent verbal and written communication skills to convey information effectively and professionally to a wide variety of technical and non-technical audiences.

• Knowledge of concepts of computer networking, Linux and other operating systems, Kubernetes and other container management systems, public cloud providers such as AWS, Azure, and GCP, and their corresponding security concepts and methodologies.

• Knowledge of risk management processes, including methods for assessing and mitigating inherent and residual risk using STRIDE or similar methodologies.

• Knowledge of industry-standard and organizationally accepted analysis frameworks and certifications such as NIST CSF, CIS, ISO 27001, SOC 2, PCI-DSS, and FedRAMP.

• Knowledge of information security defense and vulnerability assessment tools and their capabilities, including IDS, IPS, SIEM, EPS, and vulnerability management.

• Knowledge of cryptography and cryptographic key management concepts.

• Knowledge of privacy principles, laws, and regulations such as GDPR and CCPA.

• Knowledge of network access, identity, and access management such as public key infrastructure, Oauth, OpenID, SAML, and SPML.

Preferred, but not required skills:

• Industry certifications such as Linux+, CISSP, CISA, or Security+ would be highly regarded.

• Familiarity with ServiceNow’s Policy & Compliance module, Vendor Risk Module and Vulnerability Response Module.