Cyber Security Engineer

Do you know askblue?

We were born in 2013, and we provide services in the field of information technology.

We are looking for Cyber Security Engineer to join our company, in one of our projects located in Lisbon.

Tasks:

• The Contractor shall deliver services in an agile and iterative manner, organised into weekly sprints. The scope and content of each sprint will be agreed during sprint-planning meetings with the Academy Technical Capability (TeC) Team. Deliverables will be reviewed and formally accepted through a Delivery Acceptance Sheet (DAS).
• Each sprint is planned for a duration of 1 week and main activities are as follows:
• The Contractor shall develop and maintain the system descriptions for ALE systems, capturing the technical description, connections (physical and logical), physical locations, and hardware/software inventories. This shall be formalised in a document titled “CIS Description” and maintained under version control.
• The Contractor shall define the accreditation strategy and plan for ALE systems, describing the steps required to achieve security accreditation for operation at the NCI Academy. This shall be formalised in a document titled “Security Accreditation Plan (SAP)” and maintained under version control.
• The Contractor shall perform a high-level security risk assessment to inform early design, including identifying assets, threats, vulnerabilities, likelihood/impact, and initial ratings. This shall be formalised in a document titled “High Level Security Risk Assessment (SRA)” and maintained under version control.
• The Contractor shall define system-specific security requirements and control coverage by tailoring the security control baseline, mapping requirements to applicable standards and policies, and identifying coverage gaps with corresponding actions. This shall be formalised in a document titled “System-specific Security Requirement Statement (SSRS)” and maintained under version control.
• The Contractor shall develop and maintain Security Operating Procedures (SecOPs) to enable secure day-to-day operations. This includes:
• For Administrators: account/privilege management, backups, patching, baseline configurations, logging/monitoring, incident and change handling, and continuity steps.
• For End Users: acceptable use, data handling, access/MFA, reporting suspicious activity, and secure usage guidance.
• These shall be formalised in a document titled “Security Operating Procedures (SecOPs)” and maintained under version control.
• The Contractor shall define security test and verification activities to evidence control effectiveness. This shall be formalised in a document titled “Security Test and Verification Plan (STVP)” and maintained under version control.

Requirements:

• Minimum 5 years of experience in designing secure, scalable solution architectures aligned with enterprise standards, or complex environments;
• Minimum 5 years of experience in applying and overseeing physical, procedural, and technical security controls, conducting risk assessments, and leading incident response efforts;
• Minimum 5 years of experience in system and application hardening, collaborating across technical teams to enforce best practices and compliance;
• Accreditation Process: Demonstrated success in managing accreditation processes, defining assurance requirements, and coordinating with stakeholders is essential;
• Communication Skills: Excellent written and verbal communication in English, with the ability to explain technical information clearly and in a user-friendly manner;
• Collaboration: Demonstrated ability to work effectively in a team environment and coordinate with multiple stakeholders;
• Documentation: Strong documentation capabilities including SOPs, technical manuals, and security guidelines are required to support operational readiness and knowledge sharing;
• Analytical Skills: Strong problem-solving and troubleshooting ability, with the capacity to quickly identify issues and determine the most efficient resolution;

Work Arrangement:

• 100% On-Site

Offer:

• Health Insurance;
• 3 and a half days of leave per year + 22 vacation days;
• Unlimited access to Udemy.

If you are interested in the opportunity, upload your C.V. or send it to filipa.pinto@askblue.com with the reference #16742062 in the subject.

askblue – where business meets technology