JOB DETAILS:
POSITION OBJECTIVES
• To assist Senior Manager ICT Security and BCP and Director of Technology to drive information technology security strategy.
• To protect the organization’s data and systems using sophisticated tools, instrumentation, and knowledge of Information Technology (IT) to monitor, evaluate, and manage Cyber risks.
• To identify current threats, mitigate vulnerabilities, and anticipate future cybersecurity challenges.
• To utilize the new technology which will increase the security of our existing and emerging IT systems.

KEY RESPONSIBILITIES
• Perform audit and security compliance checks, including network penetration testing, vulnerability scans, and other configuration analysis.
• Lead the ICT team and consult them on the remediation of security vulnerabilities.
• Hunt cybersecurity threats and mitigate them before they compromise the organization.
• Implement appropriate security tools and systems to uncover potential threats before they turn into attacks.
• Develop cyber threat models and security risk assessments and recommend mitigations and countermeasures to address risks, vulnerabilities, and threats. l Conduct Malware monitoring, analysis, and reverse engineering.
• Perform Information Security Incident Handling and Digital Forensic Investigations.
• Analyze network traffic for intrusions and cyberattacks in both parameter and internal networks.
• Monitoring and analyzing events and alerts from a wide array of security devices and systems (SIEMs, Firewalls, IDS/IPS, WIPS, Systems, Networks, Anti-virus, etc.)
• Administer Security Incident and Event Management system(SIEM) and ensure all mission-critical systems are well-integrated.
• Take Part in the software development lifecycle and uncover potential flaws before and after deployment.
• Formulate and review IT Security controls following best practice benchmarks for applications, operating systems, network devices, storage, databases, and endpoints.
• Implement Cyber controls as stipulated in the policies and procedures.
• Assisting in the development of security compliance reports such as ISO27001, PCI DSS, and more as directed from time to time.
• Perform cybercrime incident coordination, analysis, and response in collaboration with the authorities and the internal fraud unit.
• Access and document the damage caused by security breaches and report to all stakeholders.
• Prepare security alerts and warnings to the users and interested parties.
• Maintains technical knowledge by attending educational workshops; reviewing publications.
• As part of the team, support security initiatives through predictive and reactive analysis and articulating emerging trends to management and staff.
• Perform any other related information security duties assigned from time to time.

Education and Experience
• Bachelor’s degree/Advanced Diploma in Information Technology, Computer science, Cybersecurity, Information Technology, Computer Engineering or any other related discipline from recognized University.
• Should have a minimum of two years’ experience of ICT technology with at least hands-on technical roles in cybersecurity security, digital forensics, or information security.

Competency and skills:
• Ability to work in a fast-paced environment.
• Problem-solving and decision-making skills.
• Good communication and sound interpersonal skills.
• Exceptional verbal and written skills.
• Ability to prioritize tasks and to work independently or in a group as needed.
• Fundamental knowledge and understanding of TCP/IP, routing, firewall, switching, and hands-on experience using tcpdump or Wireshark.
• Network Mapping and cyber analytics.
• Knowledge of or experience with SIEM, DAM, IPD/IDS monitoring technologies
• Working knowledge of the Linux, Unix, and Windows operating systems.
• Experience working on a cyber-security incident response team.
• Working knowledge of various web servers and web technologies and application-layer.
• Knowledge of scripting languages and Python programming language is a bonus.
• Knowledge of Relational Database Management Systems such as Oracle, MSSQL, MySQL, and SQL language.
• Working knowledge of public key infrastructure and encryption systems.
• High levels of integrity in the conduct of personal and professional affairs.
• Professional Certification such as CISSP, CEH, CPENT, CCNA Security is an added advantage.
• The capability of conducting threat hunting, vulnerability assessment, and penetration testing.