Security Engineer

Náplň práce, právomoci a zodpovednosti:
Resco helps the world work better outside the office by making it simple to build complex mobile experiences for frontline workers. Over 800 enterprise and corporate companies from segments like utilities, retail, energy, oil & gas, manufacturing, telecommunications, transportation & logistics, or NGOs rely on Resco to simplify their frontline operations, improve efficiency, and reduce paperwork.

We are looking for a Security Engineer to strengthen our cybersecurity capabilities and support the development of our threat intelligence and risk management practices.

Responsibilities

-Develop, implement, and manage the company’s cybersecurity threat strategy.
-Own, maintain, and continuously improve the ISMS, including policies, procedures, registers, and supporting documentation in accordance with Document Control requirements
-Design, implement, and enforce security policies and procedures (e.g., access control, asset management, mobile devices, backup, incident management, AI governance)
-Implement and operate technical security and compliance controls using Microsoft 365 security, compliance, and identity platforms
-Manage security incidents, including investigation, coordination of response actions, documentation, and post-incident followup
-Identify, monitor, and assess tactics, techniques, and procedures (TTPs) used by cyber threat actors through analysis of open-source and internal data.
-Prepare actionable plans based on threat intelligence insights.
-Coordinate with stakeholders to share and leverage information on relevant cyber threats.
-Utilize threat intelligence to support threat modeling, risk mitigation recommendations, and threat hunting activities.
-Present and communicate security-related information across all levels of the organization.
-Explain risk exposure and its implications to non-technical stakeholders in a clear and understandable manner.
-Automate threat intelligence processes and workflows.
-Perform technical analysis and prepare detailed reports.
-Conduct supplier security assessments and support supplier risk management activities
-Use and apply Cyber Threat Intelligence platforms and tools effectively.
-Support internal and external audits, management reviews, and Information Governance Board reporting

Requirements for the employee

-Solid understanding of ISO/IEC 27001 and ISMS lifecycle (policies, risk management, controls, audits)
-Strong knowledge of information security governance, risk management, and compliance principles
-Ability to translate regulatory and policy requirements into practical, technical and organizational controls
-Experience working with formal documentation, registers, and controlled policies
-Strong analytical, documentation, and communication skills
(optional) Internal Auditor of Information Security Management Systems in accordance with ISO/IEC 27001
(optional) CISSP/CISM, SC‑200 – Microsoft Security Operations Analyst Associate

Zamestnanecké výhody, benefity:
Work for the IT company of the year 2014, 3rd most profitable IT company of 2015, and help us deliver mobile solutions to customers such as UNHCR, Heineken, Dräger, Kemp & Lauritzen, Danone, Bayer CropScience, Husqvarna, and 2000+
-International work environment
-Training, language courses & international conferences
-Relaxed and informal culture
-Flexible working hours
-Attractive bonus system
-MultiSport card - squash, tennis, badminton, gym, spa & countless other sports and activities

Požiadavky na zamestnanca:
-University degree in Information Technology or a related field.
-Minimum of 2+ years of relevant experience in cybersecurity.
-Strong team player with the ability to collaborate across departments.
-Hands-on experience with cloud and security tools, such as:
Microsoft Entra ID
SIEM / SOAR platforms (Azure Sentinel)
ESET Protect Cloud Console
ESET Endpoint Solutions
Microsoft Defender XDR
Microsoft Purview
Microsoft Intune
Microsoft 365 Admin Console
Microsoft Exchange Admin Center
Microsoft Power Automate
Fortinet Forti Analyzer
Proficiency in English (active use in both written and spoken communication).