Qualifications
- Minimum 4 years of relevant education (master or equivalent) after the secondary school
- Minimum 6 years of relevant professional experience in IT security
Advanced knowledge or experience of/in:
- Implementing security best practice guidelines (ISO 27001, NIST, SANS Top 20 OWASP and etc.)
- Good practice in the secure configuration of servers, network devices and applications
- Networking protocols and application communications. TCP/IP, Network Security.
- Network analysis tools.
- Securing Unix and Windows operating systems; Linux, Active Directory and Microsoft Forefront Identity Manager administration;
- Securing middleware and applications.
- Network penetration testing
- Web application penetration testing
- Performing vulnerability assessments
- Performing forensic image collection and analysis
- Managing/deploying the following security technologies: Firewalls; Antivirus, IDS/IPS - Intrusion detection/Prevention Systems, SIEM – Security information and event management; IAM – Identity and access management; APT – Advanced Persistent threat detection; DLP – Data loss prevention; VA – Vulnerability Analysis and mitigation; PKI – Public key infrastructure; Virtual environments; Endpoint security; Mobile security; Communications and data encryption ; Remote access methods; Backup and disaster recovery methodologies; Patch management technologies and processes; Wireless protocols and services.
- OWASP and secure software development standards
- Performing security code reviews.
- Security configuration reviews of IT Infrastructure and security devices, OS, Databases etc.
Expected to possess one or more of the following qualifications:
- Certified Information Systems Security Professional with Information Systems Security Architecture Professional concentration (CISSP-ISSAP)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- OSCP, OSCE, GPEN, CEH, CCNA, CCNP