What to expect:
- Provide security consultancy in the area of threat and risk assessment throughout the system lifecycle, from implementation to maintenance.
- Perform security operational work, including security configuration, setup of applications or solutions to meet security requirements, patching, and upgrading security patches.
- Plan and participate in areas of security operations to ensure that processes meet defined information security policies and standards, and address evolving security threats.
- Perform vulnerability assessments using automated tools and recommend actionable follow-up to remediate the vulnerabilities and/or threats uncovered.
- Lead and manage security assessments of systems that include configuration review, vulnerability scanning and penetration testing.
- Work with stakeholders in the team to remediate risks by proposing suitable mitigation measures.
- Develop and maintain playbooks and standard operating procedures related to security operations.
- Lead implementation of enterprise security infrastructure, which includes contractor management, design validation and test acceptance.
- Perform maintenance on the enterprise security infrastructure, covering service and security posture upkeep.
- Develop correlation rules in the Security Information and Event Management (SIEM) system to detect anomalies or security threats through monitoring.
- Escalate security incident alerts to the respective system owner and assist in containment and recovery from the security incident.
How to succeed:
- Experience in management, deployment and maintenance of zero trust security infrastructure.
- Experience in end user device management, network security, secure design and incident response.
- Experience in an information security office, security consultancy and security operations is an advantage.
- Experience in effectively managing contractors and working in cross-functional teams.
- Up-to-date knowledge of the various security technologies.
- Bachelor's degree in computer science, information systems or a related field.
- Security certifications such as CISA, GSEC, CISSP are an advantage.
- Experience in public sector technical writing and procurement processes is an advantage.
- Experience with DevSecOps methodology and toolsets.
- Experience with Agile methodology and using common documentation and ticketing tools (e.g., Jira, Confluence).
- Experience with vulnerability assessment and penetration testing in an enterprise setting.
- Experience in using cloud security tools and configuration in AWS and Azure.
- Familiarity with well-known security and compliance frameworks such as ISO 27001 and the NIST Cybersecurity Framework.
- Familiarity with using containers (e.g., Docker) and container orchestration (e.g., Kubernetes).