Description
Job description:
- Define and align security policies for the ICT environment in line with industry standards.
- Work with upper management to develop policies and procedures that govern:
1) the monitoring and protection of the ICT operations space,
2) emergency response, risk identification,
3) perimeter security, and
4) physical protection controls in the data centers.
- Define the security direction for the organization, including systems, networks, user services, and vendor development efforts.
- Develop and interpret security policies and procedures.
- Act as the technical escalation point for security incident investigations. Conduct appropriate investigations using network and disk forensic tools.
- Protect systems by defining access privileges, control structures, and resources.
Qualifications:
- Demonstrated knowledge of physical and logical security.
- At least 3 years of system, network and/or application security experience with solid understanding of TCP/IP and routing protocols.
- At least 3 years' experience in infrastructure or application-level vulnerability testing and auditing.
- Consistent implementation of security solutions at the business unit level.
- Competency in information security governance best practices.
- Competency in information security risk management practices.
- Experience with application-level attacks and countermeasures.
- Working experience with Unix/Linux and Windows operating systems and databases, and their security capabilities.
- Ability to rapidly learn and apply advanced and emerging technical security principles, theories, and concepts.
- Exceptional analytical ability; communication, project management and documentation skills; and the ability to work effectively with clients, IT management and staff, vendors and consultants.
- Strong understanding of internetworking protocols, platforms and devices, including firewalls, servers, routers and switches, and of web application technologies.
5+ years' experience in six or more of the following:
- Network topologies (WAN/LAN, protocols)
- SIEM (e.g. Splunk, ArcSight)
- Encryption technologies (e.g. SSL/TLS, IPSec, TDE, PKI)
- TCP/IP stack
- Authentication/Authorization
- Web Application Firewall, Firewalls, IPS/IDS
- DLP, HIPS, File Integrity
- Enterprise anti-malware solutions
- Vulnerability management/Penetration testing
- Database Security/Wireless Security
- OS hardening and security best practices
- Must possess current applicable professional/technical certifications, such as CISSP, GPEN, GWAPT, GISEC, CISM or CISA.
- Extensive experience in the administration, design and implementation of security controls including experience in applying methodologies and principles for all levels of security.
- Experience with technologies, tools and process controls to identify and minimize risk and data exposure.
- Strong understanding of common computing attack vectors; information, host and network security hardening and requirements; networking protocols; common intrusion techniques; and common risk management concepts.
- Bachelor's degree in an IT and telecom related field.
- Professional certification in ITIL, ISO 27001, CISSP, CISM or equivalent.
- SANS SEC434 training or equivalent.
- Minimum of 7 years' experience in the field of telecom security.