Information Security Engineer (Auditor)

Description

We are looking to hire a Security Engineer who can play a key role in ensuring that the design and development of Eastnets technologies satisfy the highest degree of security possible.

In this role, you will act as an authoritative internal resource for applications, networks, and systems security. This role requires collaboration with developers, system and network administrators, as well as other stakeholders to ensure the correct design, development, and implementation of the company’s products, infrastructure, and systems.

You will also monitor and respond to security alerts and threats, take part in visualizing Eastnets security strategy and take part in implement security controls and projects across various departments. Additionally, you will participate in delivering Eastnets security consultancy services to its customers globally.

Responsibilities

The following are the responsibilities and tasks that you will be carrying out for the company if you are hired:

• Ensuring IT-Security-related systems are appropriate, and properly maintained and administered.
• Supporting system administrators in network administration and configuration.
• Reviewing, monitoring, investigating, and reporting any cybersecurity incidents.
• Identifying vulnerabilities, developing, and ensuring the implementation of the appropriate solutions to eliminate or minimize their potential effects.
• Conducting penetration tests and vulnerability assessments.
  Researching, evaluating, developing, and implementing Security solutions to meet industry standards and best practices.
• Designing, installing, configuring, supporting, and maintaining firewalls, and other security hardware and software infrastructure according to company standards and industry best practices, including firewalls, intrusion detection, and prevention devices, VPN concentrators, etc.
• Assisting in the maintenance and development of security policies and procedures, while evaluating new and existing security technologies.
• Working with other IT organizations to design, develop, and implement Enterprise Security solutions in support of development, test, and production environments.
• Monitoring security solutions and alerts to detect and respond to any possible security incidents.
• Participating and supporting other teams and departments in implementing and delivering security projects aimed at hardening Eastnet's security posture.
• Ensuring the proper delivery of Eastnets Security Consultancy Services to its customers globally.
• Assisting customers in handling and resolving support cases that require the expert opinion in areas related to information security.
• Participating actively in conducting security audits both by internal and external parties and ensuring the closure of all deviations and anomalies.

Requirements

• The candidate should have the following competencies/requirements:
• Higher education degree in one of the following fields: Network and Security Engineering, Computer Engineering, Computer Science, or equivalent experience.
• 1+ years of demonstrated experience in an Information Security role preferably with prior experience in delivering security consultancy services, operating in a banking environment, or working as part of an MSS delivery/operations team.
• Knowledge in digital forensics and incident response, detecting anomalous behavior relying on available technical capabilities to identify possible breaches, conducting forensics analysis and remediations, and compiling required reports.
• Practical experience in conducting penetration testing and vulnerability assessment exercises on network/host/application level, document recommend remediation measures, providing guidance on closing identified gaps, and coding/scripting is a plus.
• Able to conduct basic to intermediate firewall/network-related tasks based on an adaptive environment requirement.
• Knowledge of the principles of secure architecture and static/dynamic application testing based on security best practices.
  Willing to lead or take part in delivering small to medium-sized projects in cooperation with other teams operating globally remotely or on-site (willingness to travel) is a must.
• Strong verbal, technical writing, and time management skills are highly required.
• Willing to learn about and adapt to new technologies in a fast-based environment.
• Knowledge of security standards and frameworks e.g. ISO27001, ISO22301, NIST, SWIFT CSP/SIP, etc.
• Security-related certifications: CEH, CHFI, CPT, OSCP, GMON, GCIA, CIHE, CISA, or similar are preferable.
  Automation and scripting skills for configuration management and monitoring.
• Ability to write project plans, lead cross-functional project teams, and lead problem-solving activities.