Senior Security Specialist IAM

Senior Security Specialist IAM

The security architect provides expert guidance for addressing current security issues but has the foresight to see where the industry is headed and proactively deliver optimal secure solutions. The architect is expected to think like an adversary and identify how solutions should evolve as the threat landscape changes. A senior tech-level role, the architect possesses strong communication and organizational skills, and the ability to guide less experienced coworkers. The architect provides technical leadership to delivery and solution design team members and advises executive leadership regarding matters of significant importance to the organization.

• Remain current with new security threats and assess systems to ensure they can defend the business.

• Conduct threat modelling and architectural assessments of applications to encompass all aspects of information security, ensuring security by design.

• Document identified threats and provide corresponding mitigation strategies.

• Evaluate technologies and solutions to enhance security capabilities.

• Identify security gaps and communicate associated business risks to relevant stakeholders.

• Provide solutions aligned with business needs, considering security and compliance requirements.

• Verify the effectiveness of security controls in mitigating identified risks.

• Assist engineering projects throughout the Secure Software Development Life Cycle (SSDLC) and collaborate to effectively prioritize product security elements.

• 5-10 years of experience in IT or IT Security

• Strong knowledge of information security principles, security architectures, frameworks, standards, and emerging threats, with the ability to implement effective mitigation strategies.

• Deep understanding of network protocols, operating systems, databases, applied cryptography, least privilege, zero trust principles, identity & access management, and other core information security concepts.

• Familiarity with regulatory requirements and compliance standards (NIST, ISO 27001, GDPR, SOC2).

• Expertise in cloud computing and its associated best security practices, covering applications, infrastructure, storage, platforms, and data security.

• Hands-on experience in performing threat modelling for applications, identifying threats, and suggesting optimal mitigation strategies.

• Strong understanding of threat modelling methodologies (e.g., STRIDE, DREAD, PASTA).

• Proficiency in using threat modelling tools (e.g., Microsoft Threat Modelling Tool, Threat Modeler, OWASP Threat Dragon).

• In-depth knowledge of common security vulnerabilities (e.g., OWASP Top Ten, CVEs) and attack vectors.

• Must have experience in architecting and securing Cloud Computing Platforms such as Azure or AWS.

• Demonstrate a deep understanding of Google Cloud Platform(GCP) concepts and architectures, with a focus for how security controls are applied to cloud-based technologies. Architecture & Networking , Identity & Access Management, Securing the CI/CD Pipeline, Secrets and Data Protection, logging and monitoring and Security controls for Containers(e.g., Dockers, Kubernetes).

• Excellent communication and interpersonal skills, with the ability to interact with stakeholders at all levels and explain complex security concepts in an easily understandable manner.

• Constantly research capabilities of current and new disruptive solutions on the market and make recommendations to security leadership.

• Drive security efficiencies, enabling security team members to work on more advanced tasks.

• Perform engineering performance testing to stress the limitations of security solutions while at the same time ensuring business innovation and day-to-day processes are not negatively impacted.

• Experience in cloud computing technologies, including software-, infrastructure and platform-as-a-service, as well as public, private and hybrid environments.

Other qualifications:

• Extensive knowledge of traditional security controls and technologies, such as Security Information and Event Management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), public key infrastructure (PKI), identity and access management (IDAM) systems, antivirus and firewalls, in addition to newer offerings such as endpoint detection and response (EDR), threat intelligence platforms, security automation and orchestration, deception technologies and application controls.

Competences required:

• Analytical and problem-solving skills

• Ability to work in cross functional teams, including remote and external resources

• Ability to effectively communicate with technical resources

• Works with minimal guidance and recognitions when guidance needed

• Ability to understand and develop enterprise policy and technical standards with specific regard to data loss protection and secure configuration

• Ability and willingness to learn new things about data loss protection management, exploits, hacker techniques, and overall security operations

We offer:

• Being part of a fast-growing, dynamic company, recognized as one of the foremost global packaging manufacturers.

• Great professional growth opportunities.

• Annual bonus.

• Private medical care & insurance plan for you to keep an eye on your health.

• MyBenefit program.

• Flexible and hybrid work arrangement: We offer a flexible hybrid work model – 2 days a week in the Krakow office, or fully remote if you're located elsewhere.

• Parking space for all employees.

• Comfortable working environment (library, relaxation area with a view of the Wawel castle and city center, casual dress code).

If you are a current CANPACK employee, please apply through your Workday account.

CANPACK Group is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, colour, religion, age, sex, sexual orientation, gender identity, national origin, disability, or any other characteristic protected by law or not related to job requirements, unless such distinction is required by law.