Description
Are you an experienced Infrastructure/Security Consultant?! then we have an interesting job opening available!
We're looking for 2 consultants for our end client based in The Hague!
Start: July 1st 2012
End:
Rate: 60
Services required:
Security & Audit service requirement - Information (infrastructure) services
Department Introduction
The Information Security (InfoSec) team of the Security & Audit Directorate (S&A) provides support and advice on a wide range of technical and non-technical topics related to information security. Their mission is to ensure a protective security framework so that our client's automated systems and information are available and reliable, and so that access is authorised, controlled and registered.
In addition to the regular activities, S&A is also providing additional security advice and opinion to the business and information management teams duties involved in the current IT transformation work being undertaken by our client.
In order to complement the team, we are seeking additional services to provide information security
skills that will enhance the InfoSec team's ability to fulfil both its regular and additional goals and
objectives.
To provide this service there will be a need to demonstrate wide experience of delivering sound information assurance advice in a number of different organisations, a deep technical background gained from experience designing and delivering technical infrastructure, and application of extensive knowledge of IT Infrastructure to provide sound advice to mitigate information risk commensurate with
business need in a cost-effective way.
Services to be delivered:
Assisting with the information security review of automation projects and providing information security related advice to the staff managing and working on those projects.
Understand the challenges and threats facing the business and translate this understanding into sound security requirements for new and existing IT Infrastructure that effectively mitigate identified
risks whilst allowing the business to continue to operate effectively.
Complete technical risk assessments as necessary.
Identify system vulnerabilities as necessary and complete or propose work to test the security of a
system using specialists in penetration testing.
Collaborate with the architecture team with translating the security requirements into a security
architecture.
Monitoring and advising on information security issues related to the systems and processes to ensure that security controls effectively mitigate risk and operating as intended.
Assisting with the establishment of all elements of ISMS including continuing development and documentation of information security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements.
Collaboration with IT management, the legal department and the operational IT and physical security groups to support security management implementation and enforcement while representing the security team in a positive light, ensuring that it is seen as a business enabler.
Assisting with responses to information security incidents and vulnerabilities.
Qualifications, skills and experience
7 years+ of progressive experience in IT Infrastructure and information security, including experience broad experience in securing Internet
technologies.
Demonstrable broad knowledge and hands-on experience of infrastructure technologies through the entire infrastructure stack, including: network, virtualisation, SAN, server OS (Windows and UNIX)
and common business technologies (for example, SQL Server, SharePoint). Technical knowledge of and experience working with
computer systems and the application of security to those systems.
Knowledge and practical experience of security risk assessment following ISO 27005 and/or eSABSA standards and methods.
Knowledge of information security standards, in particular ISO 27001 & 2, rules and regulations related to information security and data confidentiality and desktop, server, application, database, network security principles for risk identification and analysis.
Strong analytical and problem solving skills.
Ability to communicate (oral, written, presentation) in English, interpersonal and consultative skills.
Experience should include security policy development, security education, risk analysis and compliance testing.
Experience in large, international organizations.
Experience with application security.
CISSP, GIAC, or other security certifications and/or membership of a professional institution representing security professionals.
System penetration testing, application vulnerability assessments.
Security Incident Management, including incident analysis.
SABSA, TOGAF, experience and/or certification.
Technical knowledge and expertise
Very good knowledge and experience of many of the following technologies is highly desirable.
o Firewalls
o IDPS
o VPN technologies, including SSL.
o Web Access Management
o Malware protection
o Authentication technologies such as Radius, Kerberos, Single-Sign On, Vasco tokens,
Federation (SAML, WS-Fed), WebSSO, two factor authentication
o Authorization including RBAC, Rules based authorization
o LAN, WAN and SAN concepts and technical implementations
o Mainframe, Windows, Unix, Linux Operating Systems
o Identity Repositories including LDAP, Active Directory, RACF
o IAM suites including Microsoft FIM 2010, Microsoft ADFS
Is this you? Please send us your English CV including a short motivation now!