Job offers

IT Security Architect

Warsaw

About Us

ERGO Technology & Services S.A. (ET&S S.A.) was established in January 2021 following the integration of ERGO Digital IT and Atena into one entity, leveraging the strengths and best practices of both companies.
 
ET&S S.A. belongs to the ET&SM technology holding of ERGO Group AG, supporting millions of internal and external customers with state-of-the-art IT solutions to everyday problems. We are dedicated to bring a digital innovations to every aspect of the landscape of insurance. Discover how we are implementing AI, IoT, Voice Recognition, Big Data science, advanced mobile solutions and much more to accommodate our customers’ future needs around the globe. See how you can be a part of the digital revolution and apply to join us today!

About the role

As a Security Architect, you will be a crucial part of our Global IT Security Architecture Team. You will participate in the definition, prototyping and development of ERGO security reference architecture, methodology, models and security controls. You will be participating in ERGO projects development as a key person responsible for the coordination of the security architecture area, including demanded security analysis, security controls implementation (audit traces, communication security, access control model, data processing validation, etc.) and security self-assessment. You will consult with members of the Architecture Team as well as our developers, designers and software engineers on all relevant security topics.

 

How you will get the job done

  • participating in definition, prototyping and development of ERGO security reference architecture, methodology, models and security controls; aligning requirements from the architecture teams, technology teams and Global IT Security colleagues
  • driving the implementation of key building blocks of the reference security architecture in projects and programs by being partially embedded with a specific business segment
  • working closely with Global IT Security and IT, translating information security policies into a technical security control framework and security architectural blueprints and communicating these to the projects and IT organization
  • leading customers towards security-by-design by working at the initial stages of projects embedding security principles into the target architecture
  • developing security standards and schedule improvements based on IT strategy, project feedback and other sources
  • reviewing of existing architectures in the projects and assessing the security maturity and compliance levels, with the goal of jointly identifying potential short- and long-term improvement

Skills and experience you will need

  • at least 5 years of technology and IT experience, ideally with a specialization in information security topics, either in software and/or infrastructure development
  • experience in the security audit field
  • proven knowledge of ISO security standards (such as ISO27001, ISO22301 or equivalent)
  • proven knowledge of international security standards and methodologies as well as additional qualification (CISSP, SABSA, TOGAF or equivalent)
  • working experience in Cloud Security (AWS or Azure certification is welcomed)
  • background in any modern programming language, compiled (such as Java) or used for scripting (such as Python), is a plus
  • knowledge of DevOps practices, especially containerisation and orchestration (knowledge of Kubernetes is a plus)
  • knowledge of microservices-based and distributed systems architecture
  • strong track record of implementing IT security policies and managing project topics at the interface of various departments and hierarchy levels
  • good presentation and communication skills, also in English
  • ability to build authority and form strong relationships
  • ability to deal with ambiguity while working in a continually changing environment under indirect supervision
  • high decision-making and prioritization skills
  • community contributions (open source work, publishing/speaking on technical and security ideas) are a plus

Desired additional technical skills in detail

  • Threat modeling and technical risk assessment (STRIDE method or comparable standards)
  • Knowledge of security frameworks (offensive/defensive) such as MITRE ATT&CK / Cyber Kill Chain / Unified Kill Chain, SABSA, CIS, OWASP
  • Web Application Security (Java/Javascript, HTTP/2, ASP.NET, Nginx, IIS, WAF, CDNs)
  • General Cloud Security/Cloud IAM (AWS, Azure, GCP, Salesforce), Container Security, CI/CD
  • Good knowledge of authentication and authorization procedures and protocols (Oauth, OpenID Connect, SAML, WebAuthN, CTAP)
  • Enterprise access infrastructures (DMZ architectures, hybrid zone models, etc.)
  • Modern communication encryption methods and key management methods, especially in web scenarios

Interested in this position?

Apply now

Why work with us?

Let&s be fit

We realize that most of us need assistance to stay in shape and good health. That's why we provide every employee with a medical package coverage and co-finance a sports card. Additionally, we support a number of sports sections, and, you can even join our yoga team in the summer to practice yoga on the roof!

Let&s be balanced

Work-life balance is essential for us. That's why we offer our employees flexible working hours, pet-friendly offices, and if you would like to stay with your pet at home, a remote work environment. However, it won't be easy to stay at home with our in-office gaming room.

Let&s be smart

Staying up-to-date with all the new systems and technologies is not an easy task. That's why we have an extensive training and workshops offer, both in-house and with external providers. We organize hackathons and meetups, which are an excellent opportunity for our specialists to showcase their expertise. On top of that, we offer digital learning platforms, language courses, and a library.

Let&s be responsible

We love to see the difference we make together with our CSR projects. That's why we are always open to new projects, and we would love to include you in our next charity event!

Let&s be fun

At ET&S we love not only to work but also relax together. Sports events like company-wide bike race, or maybe a film marathon in our cinema room? Don't worry; we got it covered! Maybe you have a passion and would love to make an event out of it? Sure! We will help you!

Let&s be diverse

At ET&S we create a working environment free of prejudice and exclusion. Each member of our team can experience being valued, regardless of his or her gender, nationality, religious beliefs, disabilities, age, and sexual orientation or identity. Your wide range of qualifications, experiences, and ways of thinking are of great benefit to us!

Get to know us better

Check how it is working at ERGO Technology & Services

link to facebook

link to linkedin