IT Cyber Security Assurance and Risk Specialist

Job Purpose

The purpose of the IT Cyber Security Assurance and Risk Specialist role is to continuously improve the protection of information systems by preventing unauthorized disclosure or modification. This involves coordinating with system owners and internal stakeholders to enhance Nawah's security posture.

Key Activities, Responsibility & Accountability

Penetration Testing

Responsibilities and Accountabilities:

1. Scope and perform penetration testing on systems, networks, and applications to identify vulnerabilities.
2. Utilize manual and automated testing methods to find and exploit code flaws, misconfigurations, and insecure software.
3. Use penetration testing tools and frameworks such as Metasploit, Nmap, Nessus, Burp Suite, Wireshark, Air crack-ng, SQL map, Tenable, John the Ripper, Hydra, OWASP ZAP, SOAP UI, Echo mirage, etc.
4. Write clear and concise penetration testing reports detailing findings and recommendations.

Vulnerability Management & Security Assessments

Responsibilities and Accountabilities:

1. Perform on-demand and scheduled security assessments on enterprise solutions.
2. Perform Red team activities including but not limited to exploitation of identified vulnerabilities, perform breach attack simulations, phishing campaigns, collaboration with blue team to improve monitoring and defense measures.
3. Lead the vulnerability management program by performing scheduled and on-demand vulnerability assessments, vulnerability reporting, vulnerability prioritization, provide recommendations for remediation of identified vulnerabilities, validate remediation of mitigated vulnerabilities.
4. Work on Endpoint Detection and Response tool for operations and investigations.
5. Perform Secure Architecture Reviews for upcoming projects.
6. Conduct technical investigations of cybersecurity events and incidents, designing and recommending effective mitigations.
7. Stay updated on the latest security trends, threats, and technologies.
8. Provide technical guidance and support to IT teams on security-related matters.
9. Keep cybersecurity training and knowledge current by monitoring the latest security threats and vulnerabilities.

Cloud Security

Responsibilities and Accountabilities:

1. Develop and implement cloud security strategies and plans to protect cloud-based systems, networks, and data.
2. Work in collaboration with IT teams to ensure the security of all cloud systems.
3. Identify and mitigate potential threats and vulnerabilities within the cloud environment.
4. Ensure compliance with industry security standards and regulations for cloud environments.
5. Conduct security assessments through vulnerability testing and risk analysis specific to cloud infrastructure.
6. Monitor cloud environments for irregular activities and potential security breaches.
7. Provide technical support and guidance in relation to cloud security.
8. Stay updated on the latest cloud security trends, technologies, and best practices.
9. Conduct regular security audits to identify potential weaknesses in cloud infrastructure.
10. Support the Audit teams during audit with required evidence.
11. Verify compliance to organization and regulatory requirements while onboarding of a new solution within the organization.
12. Represent Information Security Assurance Team in Enterprise Design Authority meeting and Enterprise Change Management Board meeting to ensure proposed changes and design comply with organization and regulatory requirements.
13. Provide strategic recommendations to enhance the organization’s overall security posture.

Qualifications

Education: Bachelor's Degree

Experience: 3 years of relevant experience.

Preferred: Bachelor’s Degree with 3 years’ experience, Diploma, Military or Police Academy graduate with 8 years’ experience, or High School with 10 years’ experience.