Cyber Security Engineer (20)
Location | Dar es Salaam, Tanzania, United Republic of |
Date Posted | November 26, 2022 |
Category | IT / Information Technology |
Job Type | Freelance |
Currency | TZS |
Description
Company Description
AFRICASHORE is an IT offshoring platform connecting IT experts and freelancers based in Africa to companies in Africa, Europe, USA, Canada and UAE remotely. Our partners, IT services companies and large groups, trust us to find them the best offshore Africa-based IT freelance consultants.
Our IT offshoring platform is present in 37 countries in Africa with a database of 230,000+ IT experts and freelancers classified into 303 IT specialties around 9 IT fields: Database Administration and NoSQL - Network and Telecom Security - ERP and Integrated Management Software - Big Data, Data Science and Business Intelligence (BI) - Programming, Development - IT Project Management - Consulting, Audit, Coaching and Training - Digital Marketing, SEO, Design and Multimedia - Production, Operations and Support.
Mission:
- Act as an internal subject matter expert with respect to CVA scanning and reporting. Assist in maintenance of the enterprise to VMLC (Vulnerability Management Life Cycle) policy and associated VM standard.
- Conduct required tasks for the vulnerability scanning program and publish reported vulnerabilities to impacted teams for remediation.
- Triage and risk rank vulnerabilities according to severity and exposure. Work with Product and IT teams to risk rank and patch vulnerabilities related to the technology stack. Develop remediation plans for vulnerabilities.
- Maintenance of an executive level dashboard and actionable metrics that reflect the current enterprise security posture.
- Scan and report on the appropriate configuration standards, to ensure baselines are being met and compliance drift is managed.
- Initiate improvement activity to reduce risk, ensure compliance, lower cost, and improve quality within IT processes.
- Conduct/support periodic risk assessments and develop appropriate mitigation plans in support of deliverables.
- Continuous review of configuration management and vulnerability management posture inside the company and knowledge of all external developments that could impact the CVA posture, including vendor patches, zero-day exploits, end-of-life systems or deprecated services.
- The ideal Endpoint Security Ops Engineer will be adept in learning new security capabilities, adaptable, take initiative, and be a team player.
- Bachelors degree in Cloud Computing or related.
- 5+ years experience in security engineering and development.
- Experience with at least one programming language (e.g. Python, JavaScript, Go, Ruby) is recommended.
- Demonstrate ability to work autonomously with critical and creative thinking.
- Experience with Cloud technologies.
- Maturity, judgement, negotiation/influence skills, analytical skills, and leadership skills.
- Ability to priorities multiple tasks and projects in a dynamic environment.
- Experience with Qualys or other security vulnerability detection technology required.
- Demonstrate subject-matter expert level understanding in multiple IT, Security and Software disciplines.
- Ability to understand the cause and effect of application vulnerabilities with Operating System Vulnerabilities.
- Must be able to multi-task and keep track of large amounts of information across disparate systems.
- Demonstrate technical security expertise in a variety of Cloud platforms.
- Comfortable interfacing with other internal or external organisations regarding problems that must be addressed to enhance security posture.
- Ability to work effectively in a team environment.
- Moderate documentation and analytical skills; documenting processes, policies and standards.
- Moderate ability to provide end to end support to enterprise counterparts, identifying root cause of complex enterprise initiatives.
- Moderate trouble shooting skills across complex enterprise applications, server and endpoint environments.
- Moderate ability to onboard, learn and adapt to new technologies.
- Basic knowledge of malware operation, indicators or threat.
- Moderate knowledge of current threat landscape.