IT Security Engineer

Job Description
About the team:
The Schibsted Media Cyber Security team is looking for an IT Security Engineer to protect the organization and the publishers along their mission for free and independent press. Located in Sweden, the team is responsible for designing, building and maintaining core cybersecurity tools and services for the company and journalists as well as supporting the development of safe products and services to our customers. We are part of the tech department, the cybersecurity team collaborates with the other part of the organisation: journalists, editors, IT, AI, legal, infrastructure, network, user devices, collaboration software, …

What will you do in this role?
As an IT Security Engineer, you will be responsible for the development of critical IT Security functions within the company. In this role, you will be analysing, designing, implementing, and maintaining security solutions to protect our organisation's IT infrastructure and assets. Your expertise will be vital in ensuring the confidentiality, integrity, and availability of our systems and data.

Your main responsibilities will be to:

• Perform security assessments and identify areas for improvements and designing strategies to mitigate risks effectively.
• Drive and improve enterprise-wide security initiatives, including threat detection and prevention systems, incident response functions, and vulnerability management
• Engage in Incident Response in collaboration with NOC & SOC to mitigate and investigate security incidents using threat hunting and digital forensics methodology.
• Design and implement robust security systems and architectures, including network segmentation, firewalls, intrusion detection and prevention systems, VPNs, and endpoint protection solutions.
• Improve security monitoring of the network , cloud, IAM and endpoint system environment to detect and prevent threats quicker and more accurately.
• Perform security due-diligence of and define security procedures towards external vendors and third party providers to prevent supply-chain threats.
• Write security documentation, including policies, standards, procedures, and guidelines, ensuring compliance with regulatory requirements and industry standards.
• Collaborate with external auditors and regulatory bodies to facilitate security audits and assessments.
• Contribute to the development of security training and education programs tailored to e.g. journalists and developers.
• Depending on your experience, provide guidance and mentorship to junior security team members, fostering a culture of continuous learning and development.

Key competencies:

• Strong academic background within the areas of cyber security, computer science or other relevant field
• 1-3 years of experience in an IT Security role, with practical experience in implementing security controls and technologies.
• Proficiency in network and system administration, with hands-on experience managing security tools and technologies such as SIEM, DLP, EDR, and vulnerability scanning tools.
• Strong understanding of networking protocols, operating systems, and cloud computing platforms, with the ability to analyse and troubleshoot security-related issues.
• Excellent analytical and problem-solving skills, with the ability to prioritise and manage multiple tasks effectively.
• Strong communication and interpersonal skills, with the ability to collaborate effectively with both technical and non-technical stakeholders.

Nice to have:

• Relevant certifications such as CompTIA Security+, GHEC or CEH would be appreciated.
• A good understanding of the threat landscape of a media house.
• Systems programming experience such as Python or Go.
• Experience provisioning and maintaining cloud environments through IaC frameworks such as Terraform.
• Previous experience working with EDR, vulnerability scanners or SIEM.
• Experience working with threat intelligence for tactical and strategic improvements.