Senior Security Engineer

Company Description

Since 1998, Lostar is the leading Information Security firm, with more than 1000 projects.
 

Its main services are; Information Security Checkups such as Internet-Intranet Penetration Tests, Gap Analysis of world wide best practices like COBIT, ISO 27001, ISO 22301 and ISO 20000, related consultancy and data protection projects and also Employee Security Awareness Methodology trainings.
 

Lostar consultants, who are well trained and experienced, create the optimal-cost solutions for their customers with paying attention to technical and commercial needs.
 

Roots in Turkey, Lostar has 3 offices in 3 different cities such as Istanbul, London and Sakarya.

We work with the best to create the best service and value for our clients.

For latest news and updates please follow us on:

• Linkedin: Lostar
• Instagram: LostarInfoSec
• Twitter (TR): Lostar
• Twitter (EN): Lostar_EN
• YouTube: LostarTV
• Facebook: Lostar
• Facebook (Jobs): LostarKariyer

and visit our web sites:

• English: https://lostar.com
• Turkish: https://lostar.com.tr

Job Description

Analyzes, improves, implements, and executes security controls proactively to prevent external threat actors from infiltrating company information or systems. Researches more advanced and complex attempts/efforts to compromise security protocols. Maintains or reviews security systems, assesses security policies that control access to systems, and provides regular status updates to the management team.

Qualifications

• Experience in a technical role in the areas of Security Operations, Detection Engineering, Threat Intelligence, Penetration Testing, Red Teaming, Purple Teaming, Threat Hunting or Incident Response
• A strong understanding of system internals and security mechanisms related to the Windows Operating system and Active Directory
• Experience working with Windows security logging in either a forensic, threat hunt, incident response investigation, or red team operational security research capacity
• A strong understanding of networking including how firewalls, load balancers, and proxies function within a large enterprise network
• Understand system and network telemetry generated by Endpoint Detection and Response (EDR) tools
• Functional understanding of how threat actors gain access, move laterally, privilege escalate, set persistence, and evade defenses to achieve objectives
• Ability to critically examine an organization’s systems through the perspective of a threat actor and articulate risk in a clear and precise manner
• Be able to communicate, both verbally and in written form, technical and risk based information to individuals with a variety of both technical and non-technical backgrounds

Additional Information

Desired Skills

• Background in executing red team or penetration testing engagements
• Hands on experience with offensive security tools such as Metasploit, Burp, Cobalt Strike, Empire
• An interest and willingness to deep drive into the security function around various critical banking systems and technologies such as ATMs
• Experience with large scale data analysis
• Working knowledge of MITRE ATT&CK framework
• Certifications in relevant areas you are passionate about