IT Security Engineer

Will also be required to provide guidance on the appropriate security solutions to use for tender proposals, and support bid managers in addressing the cyber-security concerns of their potential business leads. As an agile information security expert, you will also participate in the implementation of critical project security work packages hence you will be expected to:

• Act as the security ‘partner’ of the agile project teams, for all questions related to information security
• Contribute to information security strategy and agile security process improvement
• Ensure fundamental requirements or state of art of specialty engineering is taken into account for solution element or component design and development
• Contribute to formalization and implementation of allocated requirements to solution elements or components, to their interfaces and their verification criteria
• Participate in solution integration and verify that solution meets specialty requirements

• Understand the security requirements and provide support for IT Security work packages in bids and projects
• Provide security consultancy to internal teams on their project’s/business opportunity’s security needs
• Perform security risk assessment for projects and systems and recommend appropriate mitigation measures
• Act as the technical point of contact on security matters for customers, responding to their queries and providing appropriate solutions
• Work with internal and external teams to successfully implement proposed security solutions such as host-based endpoint protection, network firewalls, SIEM, 2FA
• Perform security audit or review of a system to highlight gaps in security compliance
• Support projects’ service teams in daily operations for security such as firewall administration, OS patching, and managing security incidents

The candidate should possess the following:

• Degree in Information Technology / Computer Science or equivalent
• Minimum 5 years’ experience in the IT Security domain
• Minimum 5 years of working experience in at least 2 of the following domains: Application security, Network security, System security, Data security, Cloud security
• Technical hands-on expertise in firewalls, IDS/IPS, AV, IAM, or PIM
• Knowledge of TCP/IP and network protocols, mobile technologies or virtualization
• Able to write simple shell scripts or Python/Perl scripts for system administration tasks
• Experience in vulnerability assessment and penetration testing
• Good knowledge/experience in major Security Standards and Guidelines ISO 27001
• NIST
• Common Criteria
• IEC 62443

• An internationally recognised professional security certifications such as:
• Certified Information Security Auditor (CISA)
• Certified Information Systems Security Professional (CISSP)
• OSSTMM Professional Security Tester (OPST) CREST Practitioner Security Analyst (CPSA)