Skills Required
Linux Databases CISA CISSP PKI Active Directory TCP/IP OWASP Firewalls ISO 27001 NIST SANS Antivirus IDS/IPS SIEM IAM APT DLP VA OS OSCP OSCE GPEN CEH CCNA CCNP Networking protocols Virtual environments Endpoint security Mobile security Wireless protocols ISSAP CISM Network security Network analysis tools Network penetration testing Web application penetration testing Communications and data encryption Wireless Services secure software development standards
�Description
- Perform specific security IT tasks related to the provision of the security assurance on the corporate IT and in the same time to support in managing the physical security and safety related systems
- Security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems
- Develop and validate baseline security configurations for operating systems, applications, and networking and telecommunications equipment
- Perform internal and external technical control and vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls, and recommend remedial action.
- Perform source code reviews
- Perform network and application penetration testing ( Black box, Grey box and White box)
- Defining detailed security architecture
- Performing technical security audits
- Security monitoring and log analysis
- Provide support during security incident analysis
- Perform IT infrastructure/ Application Security configuration reviews
- Design and implement technical security mechanisms and technologies
- Design and develop technical security standards and procedures.
- Support the monitoring and management of the IT elements of the physical security and safety-related systems
- Performing any other activity related to the security of the IT corporate infrastructure
Qualifications
Education:
Minimum 4 years of relevant education (master or equivalent) after the secondary school.
Professional experience:
Minimum 6 years of relevant professional experience in IT security
Professional competencies
- Proof read communication, documents, draft emails, etc. as needed
- Maintain high level of accuracy, confidentiality and professionalism
- Ability to create professional documents and emails
- Run reports & handle special projects as assigned
- Implementing security best practice guidelines (ISO 27001, NIST, SANS Top 20 OWASP and etc.)
- Good practice in the secure configuration of servers, network devices and applications
- Networking protocols and application communications. TCP/IP, Network Security.
- Network analysis tools.
- Securing Unix and Windows operating systems; Linux, Active Directory and Microsoft Forefront Identity Manager administration;
- Securing middleware and applications.
- Network penetration testing
- Web application penetration testing
- Performing vulnerability assessments
- Performing forensic image collection and analysis
- Managing/deploying the following security technologies: Firewalls; Antivirus, IDS/IPS - Intrusion detection/Prevention Systems, SIEM – Security information and event management; IAM – Identity and access management; APT – Advanced Persistent threat detection; DLP – Data loss prevention; VA – Vulnerability Analysis and mitigation; PKI – Public key infrastructure; Virtual environments; Endpoint security; Mobile security; Communications and data encryption ; Remote access methods; Backup and disaster recovery methodologies; Patch management technologies and processes; Wireless protocols and services.
- OWASP and secure software development standards
- Performing security code reviews.
- Security configuration reviews of IT Infrastructure and security devices, OS, Databases etc.
- Expected to possess at least one of the following qualifications:
- Certified Information Systems Security Professional with Information Systems Security Architecture Professional concentration (CISSP-ISSAP)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)OSCP, OSCE, GPEN, CEH, CCNA, CCNP
