IT Security Engineer - Oman Information Technology
IT Network Security Engineer will support and coordinate with the IT Administrator to carry out security operational activity for IT system such as:
? Assessment and audits of current state of security risks and threats.
? Full fill various assessment gaps and findings by implementing the required technical fixes and solutions IT environment.
? Monitoring and review of Network boundary protection, including managed services for firewalls, intrusion detection systems (IDSs), and virtual private networks (VPNs)
? Incident management, including emergency response and forensic analysis.
? Vulnerability assessment and penetration testing
? Assessment and support for SCADA System Security.
a) IT Security
b) Risk Management
c) IT Security Governance
d) Business Continuity
e) Understanding of Industrial Control Systems (ICS) Security
f) IT Procurement
g) Security Product Implementation
The major roles of this resource are such as:
a) Ensure ongoing risk assessment/management of external and internal threats to ensure risk mitigation and security practices and controls remain appropriate
b) To address security issue identified by internal/external audits and work with the business units to mitigate risk and define compensating controls.
c) Contribute to the successful development and maintenance of a global security and risk framework for all the company
d) Routine operation and maintenance of security products and solutions deployed in the organization to meet the operational, policy and compliance requirements. Carryout security configurations for infrastructure devices, server and application as required.
e) Enhance existing information security metrics and provide ongoing management reporting on information security related issues and activities
f) Maintain Vulnerability Management program
g) Design and manage processes for detection, investigation, correction, and/or prosecution of information security breaches, violations, and incidents
h) Implement and maintain all IT policies and procedures, including those for architecture, security, disaster recovery, standards, purchasing, and service provision for corporate as well as the security components of the company systems
i) Responsible for executing disaster recovery and high availability plan and procedures.
j) Provide support to OT security team to maintain and fulfil cybersecurity and regulatory requirement.
k) Conduct information security awareness training and education programs.
l) Develop and maintain effective relationships at all levels to communicate the information security plan and integrate effective security within business processes and projects including necessary support for end user issues.
m) Develop bid requirements for all hardware and software upgrades, reviews submitted bids for compliance with stated requirements, and makes the appropriate award and act as an advisor on security related bids and tenders.
n) Monitor system security requirements during all life cycle phases and system recovery processes are to ensure that security features and procedures are properly maintained.
o) Adhere to company`s health, safety, environment and security policies at all time and
p) Immediately report violation of these policies to Health and Safety Representative to ensure HSE standards are met and adhere to.
q) Implementation of new solutions, tightening and fine-tuning of existing security solutions, technical skills on products
1.4 Experience Qualification & Competencies (as per tender)
a) 6 years in IT industry specializing in IT cyber security, RISK management and security audit and plant security.
b) Hands on expertise of Juniper, Fortinet, Cisco Firewalls. Skills on MacAfee end user Security, Tenable.
Graduate in Computer Science / information technology with relevant cyber security certification.
At least one Cyber security certifications such as CISSP, GIAC, CISA, CISM, CRISC, CCNA,CBCP
a) Solid technical knowledge and background of information security technologies such as Fortinet/cisco/ juniper firewalls, MacAfee suite, SIEM, Tenable Nessus and best practices
b) Knowledge of risk assessment techniques, Business continuity practices as well
c) Knowledge of any international Information security management systems such as ISO 27001 etc.
d) Knowledge of Policies, Standards and best practices
e) Knowledge of Information security Risk and audit methodologies
f) Strong project and program management skills
g) Excellent presentation and communications (both written and oral)
1.4.5 Technology skills
Hands on experience of products Fortinet UTM, Juniper Firewall, Cisco firewall, Solarwinds, Mange Engine, and Microsoft System Center etc.