Security Project Manager
  • United Arab Emirates, Sharjah
  • Dicetek LLC
1 year ago
31.01.2024
Oversee and Govern
Cybersecurity Management
Job Description

Skills And Experience
• 6+ years of experience in managing IT infrastructure and operations, ensuring the confidentiality, integrity, and availability of systems.
• Extensive experience in network security measures, including NGFW (Next-Generation Firewalls), IPS (Intrusion Prevention Systems), Mail Security, EDR (Endpoint Detection and Response), VPNs (Virtual Private Networks), and content filtering solutions.
• Hands-on experience in implementing and operating VAPT (Vulnerability Assessment and Penetration Testing) activities, utilizing multiple VA (Vulnerability Assessment) tools to identify security vulnerabilities and recommend remediation actions.
• Proficient in Active Directory administration and management, including Group Policies, hardening techniques, and user access controls.
• Knowledgeable in analyzing security events and incidents, demonstrating proficiency in reading and understanding system data, such as security event logs, system logs, and firewall logs.
• Familiarity with SIEM (Security Information and Event Management) tools, with the ability to effectively identify security incidents and develop threat remediation plans.
• Excellent interpersonal, verbal, and written communication skills, enabling clear articulation of issues, alternatives, and recommendations.
• Experienced in working as a member of technical project teams, participating in the design, delivery, and testing phases.
• Knowledge or experience with various network security tools used for monitoring, analyzing, and securing network infrastructure.
• Proficient in working with both Windows and Linux platforms, ensuring the security of systems on multiple operating systems.
• Azure infrastructure experience
• Experience managing projects using a risk management framework
• Experience in patch management and system hardening
• CISSP or CISM certification
• Ability to write routine reports and correspondence
• Ability to define problems, collect relevant data, establish facts and draw valid conclusions
• Ability to work on multiple tasks and to meet strict deadlines, whilst working in a team
• Results-oriented with an end-to-end ownership mentality
Responsibilities
• Delivery of the allocated projects in accordance with the Project Delivery Methodology
• Management of detailed project definition including creation of a Charter, gathering of cost estimates and preparation of the Business Case
• Creation of a project schedule and the management of allocated project resources to ensure the project delivers in accordance with the documented timeline
• Ensure all stakeholders are kept aware of progress and of any actions required of them
• Review VAPT reports, analyze findings, and collaborate with local teams to determine appropriate actions and closure of identified vulnerabilities.
• Assist in validating the effectiveness of remediation activities following VAPT assessments.
• Contribute to periodic penetration testing exercises and risk assessments to identify potential security weaknesses and recommend appropriate mitigation measures.
• Provide analysis of security events and escalate identified threats based on severity, ensuring timely response and resolution.
• Monitor daily SOC tickets, analyze security weaknesses, and collaborate with infrastructure and application teams to address and resolve identified issues.
• Participate in designing key infrastructure architecture and develop security designs to enhance the overall security posture of platforms.
• Possess proficiency in utilizing security tools for patch management, vulnerability assessment, authentication, and authorization.
• Collaborate with the team to review and enhance the security of Active Directory services.
• Excel in a multi-tasked environment, effectively managing priorities and delivering results.
• Utilize expertise in working with Windows and Linux platforms to ensure secure operations and maintenance of systems



Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats and vulnerabilities.
  • K0026   Knowledge of business continuity and disaster recovery continuity of operations plans.
  • K0033   Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
  • K0038   Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
  • K0046   Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions.
  • K0048   Knowledge of Risk Management Framework (RMF) requirements.
  • K0061   Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • K0072   Knowledge of resource management principles and techniques.
  • K0090   Knowledge of system life cycle management principles, including software security and usability.
  • K0121   Knowledge of information security program management and project management principles and techniques.
  • K0126   Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
  • K0169   Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  • K0180   Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
  • K0342   Knowledge of penetration testing principles, tools, and techniques.
  • K0624   Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)

Required Skills
  • S0027   Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • S0059   Skill in using Virtual Private Network (VPN) devices and encryption.

Required Abilities
  • A0128  Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
  • A0163  Ability to interpret Communications Security (COMSEC) terminology, guidelines and procedures.
  • A0165  Ability to manage Communications Security (COMSEC) material accounting, control and use procedure.
  • A0167  Ability to recognize the importance of auditing Communications Security (COMSEC) material and accounts.