About CENSUS

CENSUS is an internationally acclaimed Cybersecurity services provider. We support the needs of multiple industries, providing IT and OT security services to public and private organizations around the world, ranging from financial institutions and critical infrastructure to automotive and secure communications, including Fortune 500 companies. Powered by cutting-edge research, scientific analysis and in-depth engineering experience across various industries & technologies, CENSUS delivers unparalleled security consulting & assessment services for products (software, services, devices, and large-scale platforms), infrastructure, and organizations.

Learn more about CENSUS at census-labs.com.

About the Job / Key Responsibilities

We are looking for talented & ambitious professionals to grow our Cyber Security Advisory Services team and join our ongoing mission to deliver in-depth and top-tier cybersecurity services to our valued clients. As part of this role, you will use your knowledge and experience to help clients across various industries achieve compliance with desired cyber security standards, execute risk assessments, and create prioritized action plans for the improvement of their cyber security posture. You will work side-by-side with our clients’ development and security teams as well as partners, to provide strategic cyber security consulting services under engagements and projects that involve:

  • Cyber security risk assessments and risk analyses.
  • Gap analyses against industry-specific cyber security standards such as ISO/IEC 81001-5-1, ISO/SAE 21434, FDA Premarket & Postmarket Management of Cyber Security, UN No 155 & 156, as well as broader ones such as ISO 27001, PCI DSS, etc.
  • Development of cyber security policies, processes, and procedures.
  • Reviewing security architecture designs, identifying missing security controls, and driving analysis for security improvements.
  • Threat modeling.
  • Researching, reviewing, comparing, and proposing technologies that can satisfy the client’s established requirements, and aligning with their strategies.
  • Application security maturity assessments.
  • Development and improvement of software assurance processes.
  • Cloud security architecture assessments.
  • Development and delivery of training programs on cyber security topics that include secure development, threat modeling, security awareness, and more.
  • Providing consultation to our internal product security and organizational security teams.

Essential Qualifications

  • MSc or BSc. in Electrical Engineering, Computer Science, Computer Engineering, or equivalent practical experience.
  • Postgraduate degree in Information Security will be considered a plus.
  • 2+ years of experience in a cyber security role.
  • Proficient in Greek and in English (written and spoken).
  • Eagerness to expand knowledge in new areas and learn new standards and methodologies.
  • Excellent communication and technical writing skills.
  • Ability to document and present cybersecurity risks in both technical and business-oriented language.
  • Ability to self-organize time to reach strict deadlines.

Desirable Knowledge

Knowledge or familiarity of some of the following areas will be considered a plus:

  • Knowledge of key aspects of risk management: analyzing potential risks, determining risk appetite, identifying threats, assessing vulnerabilities, and proposing appropriate mitigating controls.
  • Familiarity with international cyber security standards such as ISO/IEC 27001, ISO 22301, PCI DSS, PCI SSF, GDPR, etc.
  • Experience with software assurance and security in the development lifecycle using frameworks such as OWASP SAMM and NIST SSDF.
  • Familiarity with cloud platform security architectures of the three major cloud service providers (Azure, AWS, GCP), related features and technologies.
  • Experience in identifying and reporting security vulnerabilities on software running on cloud platforms (OWASP Web Top10 vulnerabilities, data encryption, transport layer protections, insecure configurations, secrets management, etc.).
  • Experience in cyber security training either classroom-based or remote.