Responsibilities:
Provide security consultancy in the area of threat and risk assessment throughout the system lifecycle from implementation to maintenance.
Perform security operational work including security configuration, setup of applications or solutions to meet security requirements, patching, and upgrading security patches
Plan and participate in areas of security operations to ensure that processes meet defined information security policies and standards, and address evolving security threats.
Perform vulnerability assessment using automated tools and recommend actionable follow-up to remediate the vulnerabilities and/or threats uncovered
Lead and manage security assessments of systems that include configuration review, vulnerability scanning and penetration testing.
Work with stakeholders in the team to remediate risks by proposing suitable mitigation measures
Develop and maintain security operations related playbooks and standard operating procedures
Lead the implementation of enterprise security infrastructure, which includes contractor management, design validation and test acceptance.
Perform maintenance on the enterprise security infrastructure, covering service and security posture upkeep.
Develop correlation rules in the Security Information and Event Management (SIEM) system to detect anomalies or security threats through monitoring.
Escalate security incident alerts to the respective system owner and assist in containment and recovery from the security incident.
Requirements:
Experience in management, deployment and maintenance of zero trust security infrastructure
Experience in end user device management, network security, secure design and incident response.
Experience in an information security office, security consultancy and security operations is an advantage
Experience in effectively managing contractors and working in cross-functional teams
Up-to-date knowledge of the various security technologies
Bachelor's degree in computer science, information systems or a related field.
Security certifications such as CISA, GSEC, CISSP are an advantage
Experience in public sector technical writing and procurement processes is an advantage
Experience with DevSecOps methodology and toolsets
Experience with Agile methodology and using common documentation and ticketing tools (e.g., Jira, Confluence)
Experience with vulnerability assessment and penetration testing in an enterprise setting
Experience in using cloud security tools and configuration on AWS and Azure
Familiarity with well-known security and compliance frameworks such as ISO 27001 and the NIST Cybersecurity Framework
Familiarity with using containers (e.g., Docker) and container orchestration (e.g., Kubernetes)