Information Security Officer

at  Scope Group

Scope is looking for a passionate Information Security Officer to join our Information Security team based in Berlin. The candidate should be familiar with and have previous experience with Endpoint Protection, Vulnerability Management and Pentesting exercises, Security Operation Center Management, Network Intrusion Prevention and Firewall solutions, and DevSecOps.
The role requires a responsive, proactive, and highly productive professional who can work with numerous stakeholders to ensure a continued optimum level of Security.

Your tasks and responsibilities

• Administering and monitoring Microsoft security platforms including Microsoft Azure and Office 365 Security Centers, Azure Sentinel, and working with Microsoft Compliance Portals for security monitoring and investigations
• Monitor and restrict access to sensitive, confidential, or restricted data using Data Classification, and Data Loss Prevention solutions
• Management of Penetration Testing and Vulnerability Management activities across Web Applications and Network vulnerability scanner (Tenable Nessus) and understanding of the related industry standards, such as CVE, CPE, CVSS
• Management of SIEM solution, day-to-day incidents remediation, escalation of tickets or cases derived from SIEM solution, or monitoring of server event logs, firewall logs, access logs, and other security logs
• Endpoint Protection and threat hunting skills for malware investigations, phishing attempt analyses, forensics, and root cause analyses
• Review firewall rules and policies, specifically on web application firewalls (WAFs) and Intrusion prevention systems (Sophos, Palo Alto)
• Take part in Incident response activities for company-wide information security incidents & data breaches, recommend improvements and controls to prevent recurrence wherever possible, or follow up with other stakeholders
• Monitoring Applications and services for business continuity and resiliency processes, including data backup and recovery testing, patching and upgrading activities monitoring
• Ensuring the use of appropriate security tools in the development environment, play a role in developing and designing application-level security controls and standards. Familiarity with automated dynamic scanners and static code analyses tools and code review techniques
• Supporting the Information Technology, Risk, and Compliance teams in the implementation of the Group Information Security Strategy

Your professional and personal profile

• 5+ years’ experience in the Information Security domain
• Minimum of 2 years’ experience with public/private cloud environments (Azure, AWS, GCP, etc.)
• Experience in working with DevOps teams to adopt security best practices in the cloud, including dynamic and static code analyses tools, code review techniques, and decent exposure to Terraform, Docker, container management services, CI/CD pipelines, and secrets management in microservices-based architectures
• Bachelor’s or master’s degree in computer science, information technology, Cyber Security, or equivalent professional experience
• Technical experience in working with DLP Solutions is a plus
• Knowledge of Azure Security Center, Entra ID (Identity Protection and Privilege Access Management, Conditional Access App Control), and Microsoft Security Portals
• Knowledge in the implementation of Information Security frameworks like ISO 27001
• Certified Information Security Manager (CISM) or equivalent certification
• Certified Ethical Hacking (CEH) or equivalent certification
• Microsoft Azure and Security Certifications will be a plus
• Ability to meet deadlines, motivate others to do the same, and manage stress effectively in high-pressure situations
• Ability to take ownership and responsibility of tasks and projects that involve both independent and teamwork
• Willingness to learn new technologies and tools
• Experience in a multitasking environment, providing support on different projects simultaneously
• Fluent in English (written and spoken); Fluent in the German language is a plus

Interested?
If this sounds like a journey for you, we look forward to learning more from your convincing application. Please apply online using our application tool quoting the reference " 20240016”. Please note: For non-EU applicants, a valid work and residence permit is a prerequisite for this job position.

What we want to see

• Current CV
• Copy of your university degrees and certificates
• Criminal record certificate (can be provided at a later date)
• At least 3 letters of reference (can be provided at a later date)

About Scope
With more than 250 employees operating from offices in Berlin, Frankfurt, London, Madrid, Milan, Oslo and Paris, Scope Group is the leading European provider of independent credit ratings, ESG and fund analysis. Based on forward-looking and innovative methodologies, Scope offers a European perspective that contributes to greater diversity of opinion for institutional investors worldwide. Scope Ratings is the largest European credit rating agency, registered in accordance with EU and UK rating agency regulation, offering opinion-driven and non-mechanistic credit risk analysis. Scope ESG Analysis provides tools for analysing and reporting on ESG impact and risk, as well as second-party opinions on green, social and sustainable bonds. Scope Fund Analysis rates more than 10,000 funds and asset managers across all major asset classes. The shareholders of Scope Group include CEO and founder Florian Schoeller and anchor shareholder Stefan Quandt, numerous senior personalities in European finance and industry as well as institutional investors from several European countries. More on www.scopegroup.com

• Administering and monitoring Microsoft security platforms including Microsoft Azure and Office 365 Security Centers, Azure Sentinel, and working with Microsoft Compliance Portals for security monitoring and investigations
• Monitor and restrict access to sensitive, confidential, or restricted data using Data Classification, and Data Loss Prevention solutions
• Management of Penetration Testing and Vulnerability Management activities across Web Applications and Network vulnerability scanner (Tenable Nessus) and understanding of the related industry standards, such as CVE, CPE, CVSS
• Management of SIEM solution, day-to-day incidents remediation, escalation of tickets or cases derived from SIEM solution, or monitoring of server event logs, firewall logs, access logs, and other security logs
• Endpoint Protection and threat hunting skills for malware investigations, phishing attempt analyses, forensics, and root cause analyses
• Review firewall rules and policies, specifically on web application firewalls (WAFs) and Intrusion prevention systems (Sophos, Palo Alto)
• Take part in Incident response activities for company-wide information security incidents & data breaches, recommend improvements and controls to prevent recurrence wherever possible, or follow up with other stakeholders
• Monitoring Applications and services for business continuity and resiliency processes, including data backup and recovery testing, patching and upgrading activities monitoring
• Ensuring the use of appropriate security tools in the development environment, play a role in developing and designing application-level security controls and standards. Familiarity with automated dynamic scanners and static code analyses tools and code review techniques
• Supporting the Information Technology, Risk, and Compliance teams in the implementation of the Group Information Security Strateg