We are in search for a qualified professional to design, implement, troubleshoot, analyze, and maintain our IT security systems. This role will concentrate on overseeing key security infrastructure components, including Endpoint Detection & Response (EDR), data and drive encryption, Web Application Firewall (WAF), forward and reverse proxies, email security, Privileged Access Management (PAM), Identity Access Management (IAM), Public Key Infrastructure (PKI), DNS security, database security, vulnerability management, Network Intrusion Detection/Prevention Systems (ID/PS), and DDoS mitigation.
The individual in this position will be instrumental in safeguarding the security and stability of our organization’s IT environment. Moreover, after-hours support will be required to address any critical security issues that may arise.
Qualifications, Experience & Skills:
- Essential Qualification: BS degree in Computer Science / Cybersecurity / Security & Networking Technologies / Digital Forensics.
- Desirable Qualification: Cybersecurity Certifications such as Security+, GCIH, GCFA, OSCP, CCSP.
- Work Experience: Fresh Graduates & up to 3 years of work experience in Cybersecurity system administration.
General Responsibilities:
- Handle daily tasks, including troubleshooting IT security issues and responding to service requests within set SLAs.
- Complete all tasks assigned by line manager.
- Participate in after-hours upgrades, troubleshooting, and/or on-call availability as needed.
- Provide consultation and guidance regarding the planning of future security service additions and modifications.
- Ensure the environment's integrity through the management of security, performance monitoring, change control, and software management.
- Documentation and Compliance: Maintain detailed records of security infrastructure setup and configuration. Ensure compliance with relevant regulations, standards, and best practices.
- Performance Optimization and Troubleshooting: Monitor the performance of security infrastructure components and proactively address issues to ensure availability and reliability. Troubleshoot and resolve technical problems in a timely manner.
- Explore new security technologies and recommend software, operating systems, and hardware to enhance performance.
- Put together a Disaster Recovery Plan for all critical systems, including testing and exdcuting them.
Administrative Responsibilities:
Maintain Cybersecurity Systems:
- Manage existing and newly introduced cybersecurity systems across different layers of the environment:
Perimeter Security (DDoS Mitigation Solution, Firewall Analyzer):
- Configure and maintain perimeter-level solutions to safeguard against external cyberattacks targeting the DP World GCC Region’s environment.
Network Security (Forward & Reverse Proxy, Intrusion Detection/Prevention System (ID/PS) :
- Manage forward and reverse proxy solutions to regulate and secure internet access and application traffic.
- Enforce and monitor proxy policies and access controls to ensure security and compliance.
- Monitor inbound and outbound traffic within the environment, preventing any suspicious activities.
- Maintain the IPS solution with an updated threat feed to keep up with the latest attack trends, indicators of compromise (IOCs), and vulnerabilities.
Host Security (Endpoint Detection Response (EDR), Vulnerability Management):
- Oversee the vulnerability management process, including scanning, assessment, and remediation of security vulnerabilities.
- Establish processes to collaborate with IT teams to prioritize and address identified vulnerabilities.
- Ensure all hosts (servers and desktops) are protected with an updated EDR solution to defend against the latest malware and threats.
- Investigate suspicious probes on hosts through the EDR solution to identify root causes and address false positives.
Application Security (Web Application Firewall (WAF), API Security, Database Security, Email Security, DNS Security, Public Key Infrastructure (PKI)):
- Deploy, configure, and maintain WAF solutions to protect web applications from cyber threats and attacks.
- Monitor and analyze WAF logs to identify and mitigate potential security risks.
- Collaborate with development and network teams to optimize WAF policies and rules.
- Assess and strengthen the security of APIs utilized within the organization's systems and applications.
- Design and enforce API security standards, including authentication, authorization, encryption, and input validation mechanisms.
- Collaborate with development teams to integrate robust security practices into the API design and development lifecycle.
- Oversee the configuration and operation of email security systems to guard against spam, phishing, malware, and other email-based threats.
- Maintain the email security system according to cybersecurity best practices.
- Develop, implement, and enforce database security policies, procedures, and controls to ensure the confidentiality, integrity, and availability of critical data.
- Collaborate with database administrators to apply security patches, updates, and configurations to safeguard against emerging threats.
- Monitor database activity logs and investigate security breaches or unauthorized access incidents, taking prompt corrective action.
- Administer DNS services to ensure the availability and integrity of domain name resolution.
- Implement DNS security measures to protect against DNS-related attacks and vulnerabilities.
- Manage the organization's PKI infrastructure, including certificate issuance, revocation, and key management.
- Ensure the security and integrity of digital certificates used for authentication and encryption.
User Security (Identity Access Management (IAM), Privileged Access Management (PAM)):
- Administer and enhance the PAM solution to control and monitor access to critical systems and resources.
- Implement best practices for managing privileged accounts, sessions, and credentials.
- Configure, design, implement, and enhance user access management based on job requirements.
- Collaborate with application administrators to develop and enhance Joiner, Mover, Leaver (JML) use cases based on authentication and authorization methodologies.
- Monitor logs and recordings of access management solutions to identify unauthorized access and internal threats.
- Conduct periodic access reviews and enforce access management policies.
Data Security (Database & Drive Encryption, Data Loss Prevention (DLP):
- Implement data encryption based on the nature and criticality of stored data, in collaboration with database administrators, while adhering to market standards and acceptable encryption algorithms.
- Maintain and enhance key management policies according to market standards and regulations (ISO, ISR).
- Protect all DP World portable devices with drive encryption technologies.
- Troubleshoot all encryption-related issues (database/drive) promptly.
- Ensure all organizational documents are properly labeled to enhance user experience and maintain the confidentiality of internal data.
- Prevent external access to organizational data by enforcing DLP policies and practices.
Incident Response:
- Develop and enforce an Incident Response Plan for security-related incidents based on cybersecurity standards (ISO 27001, SANS) and frameworks (MITRE ATT&CK).
- Investigate and respond to security incidents related to WAF, proxies, email security, ID/PS, EDR, PAM, IAM, and others.
- Participate in post-incident analysis and implement necessary security improvements.