Information Security Officer - Vulnerability Management
DOHA BANK
Qatar
4 days ago
source : tanqeeb

Work Responsibilities

  • Operate a hands-on role involving penetration testing and vulnerability assessment activities of complex applications, operating systems, wired and wireless networks, and mobile applications / devices using industry standard VAPT / Mobile testing tools.
  • Shall also develop / review procedures and policies related to Information Security, Device Hardening, Application Security Assessments, Log Review, Review of Documents, Network Monitoring and Reporting, and enhance them with best practices.
  • Should be able to perform effectiveness tests for various security solutions such as Anti-virus, SIEM, WAF, Firewalls, IPS, Switches and Routers with suitable use cases.
  • Develop and maintain security testing plans (VAPT), track the progress and present it to the management. Create project deliverables / reports and assist the CISO during submissions and Management presentations / discussions.
  • Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk.
  • Produce actionable, threat-based reports on security testing results.

  • Regularly follow up with IT and other stakeholders on compliance and escalate.
  • Act as a source of direction and guidance for the vendor representatives assigned with VAPT and other assessment exercises in addition to the in house assignments.
  • Shall manage the complete project and act as bridge between CISO and Vendor representatives.

  • Mentor and coach other IT security staff to provide guidance and expertise related to application and infrastructure security best practices from time to time.
  • Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation
  • Communicate security issues to a wide variety of internal and external stakeholders (as needed) including technical teams, executives, risk groups, vendors and regulators.
  • Critical thinker and problem solver
  • Excellent organizational and time management skills

Technical Skills Required

  • Hands-on knowledge of tools: Nmap, Kali Linux, Metasploit, Armitage, Maltego, Burp, Paros Proxy, Nessus, Nexpose, Wireshark, sqlmap, etc.
  • Should have experience handling application assessment tools such as HP Fortify, IBM AppScan, Burp Suite.
  • In-depth knowledge of application development processes and at least one programming or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell).
  • Hands-on experience with testing frameworks such as PTES and OWASP.
  • Applicable knowledge of Windows client / server, Unix / Linux systems, Mac OS X, VMware / Xen, and cloud technologies such as AWS, Azure, or Google Cloud
  • Manual Penetration Testing skills and techniques are required besides automated tools and frameworks.
  • Familiarity with publicly available exploit code.

Work Experience

  • 4-7 years of Information Security Assessments including Vulnerability Assessments, Penetration testing of large-scale infrastructure
  • Experience of understanding Information System Vulnerabilities and exploit techniques
  • Thorough knowledge of OWASP Top Ten attacks for web and mobile, and their remediation.
  • Knowledge of Open Source Security Testing Methodology Manual (OSSTMM)

Educational Qualifications

  • University graduate with a degree in Computer Science, Computer Engineering or any other related discipline.

Professional certification / qualification

    Candidates with any of the following certifications are preferred:

    CISSP, CISM, LPT, OSCP, GPEN, GMOB, Kali Linux certified professional, etc.
