Information Security Specialist

ELPEDISON is a leader in providing innovative energy solutions. We operate with enthusiasm and pride ourselves on offering employees a place to excel, creating value. This role is part of our digital transformation program, focusing on monitoring, maintaining, configuring, and securing our systems and applications.

The successful candidate will be responsible for addressing critical vulnerabilities, recommending solutions to mitigate security threats, and collaborating with the IT Security team to analyze the current information security posture and IT environment. They will implement IT security controls and services, suggest system and configuration hardening, participate in remediation activities during security incidents, execute information security risk assessments, and monitor security systems, IT portal, and tools to detect and respond to security incidents, threats, vulnerabilities, and risks.

• Be responsible for monitoring security systems, IT service desk portal and tools to detect and respond to security incidents, threats, vulnerabilities, and risks. Be responsible for incident response activities to contain, investigate, and remediate security incidents, and ensure business continuity and regulatory compliance. Collects and analyzes threat intelligence, to proactively identify potential security threats and risks, and develop mitigation strategies.
• Collaborate with the IT Security Team to analyze the current information security posture and IT environment, identify critical vulnerabilities and participate in the remediation activities and solutions for improvement. Perform analysis and proactive management of business demand for new security services / implementations, or modifications to existing ones.
• Monitor and coordinate for implementation of IT security controls and services (such as IDS, IPS, WAF, DAM, SIEM, DLP, Next Generation Firewalls), based on risk assessments' output, to successfully mitigate identified vulnerabilities.
• Perform technical activities such as AV whitelisting, monitoring phish alert incidents.
• Participate in, investigate, review, and address vulnerability assessments and penetration tests.
• Work with IT and other departments to enhance employee safety and the company's security posture.
• Record completed tasks, processes, and procedures, and add them to the knowledge base.

• An Associate or Bachelor's degree in Computer Science, Information Technology, System Administration or a closely related field or equivalent experience is required.
• Relevant master's degree will be considered as an advantage.
• 2-5 years of experience as an IT Security Analyst/Engineer (member of Security Operating Center)
• Desirable courses that will be considered as an asset: Microsoft Azure Security Engineer Associate (AZ-500), Microsoft (SC-200) Security Operations Analyst Associate, Microsoft 365 Mobility & Security (MS-101),Certified Ethical Hacker (CEH),CompTIA Security+.
• Familiarity with security policies, standards, and regulations (e.g., ISO 27001, PCI DSS).
• Knowledge of security frameworks (e.g., NIST Cybersecurity Framework, SANS).
• Experience with Microsoft 365 security tools such as Microsoft Purview, Microsoft Defender XDR (Defender for Endpoints, Defender for Office 365, Defender for Identity, Defender for Cloud Apps) and Microsoft Intune.
• Have experience with incident response.
• Expertise in security technologies (e.g., firewalls, intrusion detection systems, encryption).
• Experience in IT infrastructure (servers, switches, storage units) & virtualization (VMWare, Microsoft Azure).
• Excellent communication and interpersonal skills in order to collaborate effectively with cross-functional teams & stakeholders, translating business requirements into technical solutions.
• Problem-solving and analytical thinking skills.
• Effective prioritization, planning, and organization skills to manage multiple tasks and projects simultaneously and meet deadlines.
• Continuous learning and staying current with the latest security technologies, industry standards, and best practices.