IT security engineer

• Applications are considered on a rolling basis
• Oslo

Job Description

Job description

About the team:

The Schibsted Media Cyber Security team is looking for an IT Security Engineer to protect the organization and the publishers along their mission for free and independent press. Located in Sweden the team is responsible for designing building and maintaining core cybersecurity tools and services for the company and journalists as well as supporting the development of safe products and services to our customers. We are part of the tech department the cybersecurity team collaborates with the other part of the organisation: journalists editors IT AI legal infrastructure network user devices collaboration software

What will you do in this role
As an IT Security Engineer you will be responsible for the development of critical IT Security functions within the this role you will be analysing designing implementing and maintaining security solutions to protect our organisations IT infrastructure and assets. Your expertise will be vital in ensuring the confidentiality integrity and availability of our systems and data.

Your main responsibilities will be to:

• Perform security assessments and identify areas for improvements and designing strategies to mitigate risks effectively.
• Drive and improve enterprise-wide security initiatives including threat detection and prevention systems incident response functions and vulnerability management
• Engage in Incident Response in collaboration with NOC & SOC to mitigate and investigate security incidents using threat hunting and digital forensics methodology.
• Design and implement robust security systems and architectures including network segmentation firewalls intrusion detection and prevention systems VPNs and endpoint protection solutions.
• Design and implement security protocols and best practices to protect journalistic content communications and digital assets from unauthorised access interception or tampering.
• Improve security monitoring of the network cloud IAM and endpoint system environment to detect and prevent threats quicker and more accurately.
• Perform security due-diligence of and define security procedures towards external vendors and third party providers to prevent supply-chain threats.
• Write security documentation including policies standards procedures and guidelines ensuring compliance with regulatory requirements and industry standards.
• Collaborate with external auditors and regulatory bodies to facilitate security audits and assessments.
• Contribute to the development of security training and education programs tailored to e.g. journalists and developers.
• Collaborate with journalists editors and other stakeholders to assess security risks and vulnerabilities in journalistic workflows and communications.
• Collaborate with the physical security team for assignments related to journalists operating in high risk environments.
• Collaborate with journalists to understand their missions on the field and support them with adapted tools and equipment.
• Conduct security assessments and audits of digital platforms tools and communication channels used by journalists identifying and remedying security weaknesses and vulnerabilities.
• Contribute developing and delivering security awareness training and resources for journalists and editorial staff promoting a culture of security awareness and vigilance.
• Depending on your experience provide guidance and mentorship to junior security team members fostering a culture of continuous learning and development.

Key competencies:

• Strong academic background within the areas of cyber security computer science or other relevant field
• 1-3 years of experience in an IT Security role with practical experience in implementing security controls and technologies.
• Proficiency in network and system administration with hands-on experience managing security tools and technologies such as SIEM DLP EDR and vulnerability scanning tools.
• Strong understanding of networking protocols operating systems and cloud computing platforms with the ability to analyse and troubleshoot security-related issues.
• Excellent analytical and problem-solving skills with the ability to prioritise and manage multiple tasks effectively.
• Strong communication and interpersonal skills with the ability to collaborate effectively with both technical and non-technical stakeholders.

Nice to have:

• A good understanding of the threat landscape of a media house.
• Systems programming experience such as Python.
• Previous experience working with EDR vulnerability scanners or SIEM.
• Experience working with threat intelligence for tactical and strategic improvements.