ICT Security Analyst

About the job

• Ensure and enforce the applicable requirements in the area of ICT governance, as well as ICT security and information protection
• Assess the effectiveness of the measures taken and initiate further actions to improve ICT security and reduce risks
• Analyze security-relevant events and their possible impacts on ICT systems
• Coordinate the defense or remediation of security-threatening events together with security officers and specialists
• Sustainable coaching and technical support of departments in the area of vulnerability management
• Contribute to the creation of solution proposals and decision bases based on security requirements and needs
• Assist in evaluating and procuring security systems and tools
• Root cause analyses in the area of system hardening and vulnerabilities as well as simulation of attack scenarios (PoCs etc.)
• Assist in planning and conducting internal and external audits
• Coordinate and ensure the remediation of audit and penetration test findings, as well as independently conduct simulations and penetration tests.

• Qualification as an IT specialist EFZ and higher specialization with a focus on ICT security (FH, HF, university) or comparable career path
• Further training and qualified knowledge in areas such as ICT security (e.g. CISSP, CISA, CISM, CAS/MAS Information Security), ISO/NIST certifications, etc. are an advantage
• Experience in vulnerability management and automation of ICT tasks as well as in coding and ethical hacking
• Strong analytical and conceptual thinking, structured way of thinking and acting
• "Out of the box thinking" and a positive attitude
• A high level of customer orientation and consulting skills
• Proactive team player
• Native German speaker, as well as good English skills in spoken and written form
• Several years of programming experience (Java, C#, Python...)
• 5 years of experience with database programming

"Nerd" is not an insult, but a status symbol? You understand more about computers and networks than Bill Gates? Then we want you on our team. In the IT department of RUAG, you have the opportunity to cover the entire ICT landscape from development to maintenance and contribute your expertise to the security of Switzerland.

• Qualification as an IT specialist EFZ and higher specialization with a focus on ICT security (FH, HF, university) or comparable career path
• Further training and qualified knowledge in areas such as ICT security (e.g. CISSP, CISA, CISM, CAS/MAS Information Security), ISO/NIST certifications, etc. are an advantage
• Experience in vulnerability management and automation of ICT tasks as well as in coding and ethical hacking
• Strong analytical and conceptual thinking, structured way of thinking and acting
• "Out of the box thinking" and a positive attitude
• A high level of customer orientation and consulting skills
• Proactive team player
• Native German speaker, as well as good English skills in spoken and written form
• Several years of programming experience (Java, C#, Python...)
• 5 years of experience with database programming

• Ensure and enforce the applicable requirements in the area of ICT governance, as well as ICT security and information protection
• Assess the effectiveness of the measures taken and initiate further actions to improve ICT security and reduce risks
• Analyze security-relevant events and their possible impacts on ICT systems
• Coordinate the defense or remediation of security-threatening events together with security officers and specialists
• Sustainable coaching and technical support of departments in the area of vulnerability management
• Contribute to the creation of solution proposals and decision bases based on security requirements and needs
• Assist in evaluating and procuring security systems and tools
• Root cause analyses in the area of system hardening and vulnerabilities as well as simulation of attack scenarios (PoCs etc.)
• Assist in planning and conducting internal and external audits
• Coordinate and ensure the remediation of audit and penetration test findings, as well as independently conduct simulations and penetration tests.