Samsung

Position Summary

Role and Responsibilities

Disclaimer: Samsung has a strict policy on trade secrets. In applying to Samsung and progressing through the recruitment process, you must not disclose any trade secrets of your current or previous employer.

• Security Architecture and Implementation: Design, implement, and maintain robust security architectures for on-premises, AWS, GCP, and Azure environments.
• Compliance and Standards: Ensure compliance with industry standards and regulations, including NIST (e.g., NIST 800-53, NIST CSF) and PCI DSS. Conduct regular audits and assessments to identify and mitigate compliance gaps.
• Vulnerability Management: Perform comprehensive vulnerability assessments and penetration testing. Utilize SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) tools to identify and remediate application vulnerabilities.
• Code Reviews: Conduct thorough code reviews to identify security flaws and ensure adherence to secure coding practices.
• Intrusion Detection and Monitoring: Deploy and manage IDS (Intrusion Detection Systems) and SIEM (Security Information and Event Management) solutions for real-time threat detection and incident response. Configure and tune SIEM rules and alerts for optimal threat visibility.
• Cloud Security: Implement and manage security controls in AWS, GCP, and Azure environments, including IAM (Identity and Access Management), network security groups, and data encryption. Leverage cloud-native security services (e.g., AWS Security Hub, GCP Security Command Center, Azure Security Center).
• Incident Response: Participate in incident response activities, including investigation, containment, eradication, and recovery. Develop and maintain incident response plans and playbooks.
• Security Policy Management: Develop, maintain, and update security policies, standards, and procedures based on evolving threats and business needs.
• Red and Blue Team Operations: Establish and lead red and blue team exercises to assess and improve the organization’s security posture. Plan and execute penetration tests, vulnerability assessments, and security audits.
• Security Automation: Implement security automation and orchestration using tools like Jenkins, Terraform, or Python scripting to streamline security operations and improve efficiency.
• Threat Intelligence: Stay up-to-date with the latest security threats, vulnerabilities, and attack techniques. Leverage threat intelligence feeds to proactively identify and mitigate risks.
• Security Tooling: Experience with security tools such as Nessus, Burp Suite, Wireshark, Metasploit, Snort, Suricata, and open-source security tools is highly desired.
• Key Management: Implement and manage cryptographic key management solutions.

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field. Master's degree preferred.
• Minimum of 7+ years of experience in a security engineering role.
• Strong understanding of security principles, best practices, and industry standards (NIST, PCI DSS, ISO 27001).
• Expertise in cloud security (AWS, GCP, Azure).
• Proficiency in scripting languages (Python, Bash, PowerShell).
• Experience with container security (Docker, Kubernetes).
• Experience with Infrastructure as Code (IaC) such as Terraform or CloudFormation.
• Strong knowledge of networking protocols and security concepts (TCP/IP, firewalls, VPNs).
• Excellent problem-solving and analytical skills.
• Strong communication and interpersonal skills.
• Relevant security certifications such as CISSP, CISM, OSCP, CEH, AWS Certified Security – Specialty, GCP Professional Cloud Security Engineer, or Azure Security Engineer Associate.

Skills and Qualifications

• Please visit Samsung membership to see Privacy Policy, which defaults according to your location. You can change Country/Language at the bottom of the page. If you are European Economic Resident, please click here.