Infrastructure Security Designer

Division

To face the ever evolving threats we are evolving and expanding the Global Cyber Security team.

As a global critical financial infrastructure, the protection of Euroclear information and assets is
fundamental to the company’s business. Security is at the core of our services, firmly embedded in
the management systems and processes of the company. You will be joining our Group Cyber
Security department in charge of putting in place the required controls to adequately and effectively
protect our information assets.

You will join the Security Consulting team which is part of the Group Security division. The main
responsibility for the Security Consulting team is to ensure that the technology infrastructure at
Euroclear protects corporate assets from unauthorised access, modification, disclosure and
destruction. Security consulting is the service owner of the logical security domain and infrastructure
through the implementation of security services and infrastructure, risk assessments, requirements
setting, and active participation in the project delivery lifecycle, as well as ensuring adequate
processes and procedures for the security administration teams.

Role

Group Security Management – Infrastructure and network protection

As part of the Security Consulting team, your main responsibilities are;

- Perform risk assessments and recommends infrastructure-related security requirements for IT

infrastructure and network projects. Provides recommendations on technical security
implementations and solutions.

- Perform security validation to ensure effective implementation of security controls.

- Provides recommendation and support to technical infrastructure teams on the control design,
implementation and processes necessary to ensure and protect information systems assets.

- Defines, implement and ensures the adequate functioning of security trust services within the
infrastructure security domain in line with IT security policies. Recommends on new or improved
security services to IT security Management

- Review the secure design and implementation of a security domain e.g. Virtualisation, Software
Defined Networks , Cloud XAAS, DMZ infrastructure, VOIP, Wifi, 802.1x, Anti-malware, System
protection, Middleware, Collaboration and end-user workspace solutions, Storage (SAN, NAS),
Databases, ….

- Produces documented security services, technical standards or principles.

- Act as security subject matter expert in the infrastructure and network security domain and be
the security point of contact for business and project teams. Resolve less common security problems
or queries.
Technical skills

You have proven experience in security risk assessments, development of functional security
requirements, process design and management reporting. Experience in security design, architecture
and project management is a strong advantage.

1) Sound security design principles, based on confidentiality, integrity and availability requirements
and other ISO 27k security principles are an asset;

2) Networking & Firewalls: several years of experience in building up sufficient background

knowledge with regard to network principles and protocols used in WAN and LAN's, DMZ, Internet
security, Remote access, network segregation

3) Senior level knowledge and experience with security platform technologies including firewalls,
web application firewalls, IDS/IPS systems, VPN, security assessments, and SIEM solutions.

4) Understanding of industry best practices as it relates to security on network architecture.

5) Platform and OS System security and assurance – Application security knowledge is a plus;

6) Authentication and access controls Security services (Authentication and authorisation schemes,
Role-Based and Attribute Based access controls, Single sign-on, PKI...);

Preferred professional certifications are CISSP, GIAC, SABSA, TOGAF, ISO 27001 LA/LI. Product
security certification e.g. Windows, Unix, Check Point, Palo Alto,… are an asset

Soft skills

You are service oriented, organised and independent security professional with solid experience in
the security domain or in the IT infrastructure solution architecture.

You are a team player who communicates in an open, respectful and constructive way with his
customers and peers, both verbally and in writing. You take ownership and ensure that
organisational quality standards are met.

You are a very good communicator in English, both verbal and written, and able to discuss and
defend the security interests with individuals and groups of senior business people as well as deep
technical IT experts.

You obtain approval of others with good arguments, appropriate influencing methods and personal
authority (persuasion)

You examine matters from a distance and putting them in a broader context and time perspective
(vision)