Job Description

Experience:

Minimum of 6-8 years of experience in Information Security domain. Knowledge on

International Standards such as NIST, ISO27000, PCI-DSS, COBIT, Cyber Security standards,

with technical hands-on security controls.

Job-Specific Skills:

Working experience within Security Operations, Cybersecurity Design, NOC/SOC

support. Knowledge on International Standards such as ISO27000, ISO20000, PCI-DSS,

Cyber Security standards, Playbook Design, etc.

Vulnerability management, MSSP.

Have a detailed knowledge of tactics, techniques and procedures used by threat

actors, and the ability to analyse data to identify anomalous and malicious behaviour.

Engagement Type: Onsite

Duration: 1 Year with one month termination clause

Functional:

Expert

Technical skill set on a broad range of technologies and security controls.

Business Process

Security Operations Center and Incident management

Security service operations management

Advance/Expert

Security Operations Center

Risk mitigation

IT Security Management

In-depth knowledge of OS technologies (Windows & Linux)

In-depth knowledge on SIEM Technologies, IPS and Network Design

Cloud Technologies (design, configuration, and security management)

Endpoint protection

Microsoft Security Azure Suite

Vulnerability Management

Proficient

Service Management

IT Project Management

IT Vendor Management

IT Security Management

Hands-on

Installation and Deployment

Infrastructure and Technology

Quick response

Required Knowledge

• K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
• K0004   Knowledge of cybersecurity and privacy principles.
• K0005   Knowledge of cyber threats an`d vulnerabilities.
• K0009   Knowledge of application vulnerabilities.
• K0044   Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• K0070   Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• K0332   Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
• K0624   Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)

Required Skills

• S0001   Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
• S0081   Skill in using network analysis tools to identify vulnerabilities. (e.g., fuzzing, nmap, etc.).
• S0137   Skill in conducting application vulnerability assessments.
• S0367   Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Required Abilities

• A0001  Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
• A0123  Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).