ERP21
Cyber Security Specialist
Full Time / 5 Years
Information Technology
Posted 07 Dec, 2024
Job Description
- The Cyber Security Specialist is responsible for designing, implementing, and managing security solutions to protect the company's information systems, networks, and data from potential threats and cyber-attacks. The primary role is to provide expert guidance, support, and leadership in all matters related to security within an organization. This role will require strong analytical and collaboration skills, detailed working knowledge of current and emerging security technologies, as well as the ability to correlate events to identify abnormal behaviour.
Responsibilities:
• Serve as a Subject Matter Expert (SME) for security technologies, supporting high visibility needs of the business in a variety of special projects. These unique projects often involve expedited deliverables and operational agility, and require top-quality deliverables covering both the consulting and operations functions.
• Investigate any security incidents and provide insights to internal/external business users.
• Develop processes and procedures and fine-tune alerts as part of ongoing improvement of security operations.
• Develop cloud/hybrid and cloud platform-specific security policies, standards, and procedures on cloud providers (Azure, AWS) and cloud-native platforms (PCF, Docker, Kubernetes, etc.)
• Identify and deliver appropriate cloud security controls based on industry standards (e.g. CCM) to drive cloud and customer security solutions framework based on business risk and cloud-native threats.
• Conduct integration of supported Cloud-based Security Products such as Web Application Firewall (WAF), Web Security Proxy, etc.
• Conduct detailed & comprehensive investigations and triage on a wide variety of security events.
• Recommend and implement remediation processes.
• Stay up-to-date with the latest security threats, vulnerabilities, and mitigation techniques.
• Collaborate with cross-functional teams to implement security measures and address security requirements.
• Communicate security risks, recommendations, and status updates to stakeholders, management, and team members.
• Identify opportunities to improve processes and/or tools to ensure the highest level of quality, including documentation, mentoring, and training sessions.
• Own the technical components of a customer integration project including but not limited to configuration, debugging, documentation, testing, and go-live support.
• Identify and mitigate potential security threats and vulnerabilities.
• Provide relevant recommendations to improve the overall security posture of customers.
• Deploy security technologies while ensuring standards are adhered to, and supervise maintenance/repair, working with vendor support teams on corrective activities for system issues.
• Assist in any ad-hoc tasks when necessary.
• Manage and optimize security tools, such as firewalls, antivirus software, and intrusion detection/prevention systems (IDPS).
• Perform 1st level troubleshooting on server and network issues with regard to log collection/security tools.
• Generate reports on security metrics, incidents, and remediation efforts for management.
• Maintain accurate documentation of incidents, security changes, and system configurations.
• Any other ad-hoc duties as required or assigned.
Job Requirements
- Over 5 years of experience in Information Security or engineering.
- At least 2 years of direct experience in one of the Public Cloud platforms, such as AWS or Azure with strong knowledge of their security features.
- Ability to identify and drive remediation of public and hybrid cloud risks.
- Experience in general security technologies, processes, and concepts.
- Industry-recognized security certifications (OSCP, CISSP, CISA, CEH, AWS Security, etc.).
- Working experience with SIEM/analytics tools (e.g. Securonix, MS Sentinel, Splunk) is a MUST (configure policy, apply best practice, fine-tuning, migration, L3 troubleshooting).
- Working experience with common security operations systems: Intrusion Detection/Prevention Systems (IDS/IPS), Security Information and Event Management (SIEM) systems, anti-virus log collection systems, etc.
- Strong analytical and problem-solving skills, with the ability to identify and address security risks and vulnerabilities.
- Working knowledge of security systems and programs.
- Ability to analyze and develop innovative recommendations and solutions.
- Sound fundamental knowledge of Internet technologies, such as TCP/IP, HTTP, SSL, DNS, OWASP Top 10, and web servers (e.g. Apache, IIS, Nginx, etc.).
- Experience with web security concepts and technologies such as web application firewalls and proxies.
- Familiarity with AWS technologies, such as CodePipeline, CodeBuild, CodeDeploy, CodeStar, Guardrails, Amazon ECS, AWS Lambda, and open-source tools like Jenkins, DefectDojo, and OWASP Glue will be an added advantage.
- Excellent verbal and written communication skills.
- Independent and results-oriented.
- Willing to work on a flexible schedule depending on business need.