Information Security Officer
  • United Arab Emirates Dubai
  • Bricks Technologies Systems
1 year before
31.12.2023
Protect and Defend
Cyber Defense Analysis
Job Description

Information Security Officer
• Strong understanding of the threat landscape, risk management, patch management • Expertise in one or more of the following areas: Incident Response, Security Operations, Security Governance, Threat Intel, Cloud Security, Architecture, Data Protection, Network Security, Endpoint Security, server management, compliance, vulnerability assessment
Salary
: 16000 – 18000
Experience
: 10 Years
Joining Date
Job Location
: Dubai
Industry Type
Function
Reporting To
Job Type
: Full Time
Job Description
• Identifying vulnerabilities in our current network. • Developing and implementing a comprehensive plan to secure our computing network. • Monitoring network usage to ensure compliance with security policies. • Keeping up to date with developments in IT security standards and threats. • Performing penetration tests to find any flaws. • Collaborating with management and the IT department to improve security. • Documenting any security breaches and assessing their damage. • Educating colleagues about security software and best practices for information security.
Qualifications / Desired Profile

Bachelor s degree in information security, information technology or related technical discipline Minimum 5 years of professional information security experience

• Strong understanding of the threat landscape, risk management, patch management • Expertise in one or more of the following areas: Incident Response, Security Operations, Security Governance, Threat Intel, Cloud Security, Architecture, Data Protection, Network Security, Endpoint Security, server management, compliance, vulnerability assessment • Data protection, DLP, DRM, Data classification etc • Good understanding of regulatory requirements such as ISR • Good understanding of security frameworks, such as ISO 27001, NIST 800-53, HIPAA/HITECH, or PCI DSS • Good knowledge of tools used in security event analysis, incident response, computer forensics, malware analysis or other areas of security operations • Good understanding of networking, including TCP/IP protocols and network topology • Good understanding of security controls for common platforms and devices • Ability to successfully communicate with a range of technical and executive stakeholders • Ability to explain technical details in a clear and concise manner • Good report writing skills • Good to be certified in any of the following, CISA, CISM, CISSP

Quick response
Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats an`d vulnerabilities.
  • K0007   Knowledge of authentication, authorization, and access control methods.
  • K0013   Knowledge of cyber defense and vulnerability assessment tools and their capabilities.
  • K0019   Knowledge of cryptography and cryptographic key management concepts
  • K0033   Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
  • K0044   Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • K0061   Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • K0070   Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • K0106   Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.
  • K0339   Knowledge of how to use network analysis tools to identify vulnerabilities.
Required Skills
  • S0078   Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
  • S0167   Skill in recognizing vulnerabilities in security systems. (e.g., vulnerability and compliance scanning).
Required Abilities
  • A0015  Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.
  • A0123  Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • A0159  Ability to interpret the information collected by network tools (e.g. Nslookup, Ping, and Traceroute).