Manager: Cyber Security Engineering and Audit 85 views

eTech is an end-to-end ICT solutions provision company setup by highly skilled technical and business professionals from around the world. These diverse experience skills make eTech uniquely equipped to be a leading participant in the technology accelerated transformation Ethiopia has envisioned.

eTech S.C. would like to hire the following list of professionals for the vacant positions. We invited you to apply by the indicated link.

Report to: Chief Cyber Security

Term of Employment: Permanent

Number required: 1

Job Summary/Basic Function:

Protect the company and clients from security breaches by identifying, analyzing and reacting to cyber security threats. Work with development and IT operations teams as cyber security’s activity manager, security analysts, and security engineers within eTech. Develop procedure to improve threat detection, decrease the likelihood of security breaches, and ensure an appropriate organizational response when incidents occur. And also work to isolate abnormal activity on servers, databases, networks, endpoints, applications, etc., identify security threats, investigate them, and react to security incidents as they occur. Cybersecurity audits uncover vulnerabilities and gaps in corporate security policies and systems that hackers would otherwise, inevitably exploit. Work as a specialize auditor in code auditing, looking at the source code for applications to find possible vulnerabilities introduced by poor programming practices and will spend much of their time using language-specific code-auditing tools.

Duties & Responsibilities

• Establish and maintain the information security vision and programming to include policy creation, training, risk assessment, and security incident response to ensure information assets and technologies are adequately protected
• Analyze and architect complex solutions to information technology cybersecurity threats that relate to confidentiality, integrity, and availability of data and systems
• Provide regular updates to the executive management team on status of company’s risk posture and security program
• Organize and lead the security incident response capability, preemptively engaging with and training stakeholders throughout the organization
• Manage and oversee our business continuity and disaster recovery efforts to ensure the organization is prepared for high-risk business disruptions
• Manage and oversee internal and external IT compliance related audit efforts
• Keep abreast of latest security and privacy legislation, regulations, adversaries, alerts, and vulnerabilities
• Develop and manage budget for security related capital and operational expenses, training, and staff needs
• Participates as a security engineering representative on engineering teams for the design; development; implementation and/or integration of secure networking; computing; and enclave environments
• Participates as a security manager representative on engineering teams for the design; development; implementation and/or integration of architectures; systems; or system components
• Participates as the primary security engineering representative on engineering teams for the design; development; implementation; evaluation; and/or integration of secure networking; computing; and enclave environments
• Participates as the primary security engineering representative on engineering teams for the design; development; implementation; evaluation; and/or integration of IA architectures; systems; or system components
• Supports in the enforcement of the design and implementation of trusted relationships among external systems and architectures
• Applies knowledge of Information Security Assurance policy; procedures; and workforce structure to design; develop; and implement secure networking; computing; and enclave environments
• Supports security planning; assessment; risk analysis; and risk management
• Identifies overall security requirements for the proper handling of eTech data
• Provides security planning; assessment; risk analysis; and risk management
• Recommends system-level solutions to resolve security requirements
• Conduct security administration tasks including security infrastructure management and monitoring in the areas of network monitoring, vulnerability assessment, data and compliance monitoring
• Manages and executes processes responsible for the advanced analysis of security threat intelligence (malicious code, industry events, hackers and zero day exploits, reverse engineering malware, phishing, etc.) in order to proactively prepare for security events
• Periodic handling of Incident alerts and incident handling in order to eradicate threats
• Identify false positives and false negatives from alerting
• Ongoing management and maintenance of security products used to monitor, correlate and alert
• Responsible for liaising with internal customers and vendors in order to handle incidents and to conduct threat analysis
• Responsible for verification of web applications, network, and system level vulnerabilities (manually and through security tools)
•  Perform other duties assigned to him /her by the immediate supervisor

What we will offer

• Attractive salary
• Exciting work environment
• Capacity building opportunities
• Opportunity to work with highly skilled international experts, and be part of team that provides high quality services and products.
• A great professional career path towards excellence

Qualification:

• Education: PhD/ MSC/BSC, in one of the following areas: Computer Science, Computer Engineering, Software Engineering, Electrical Engineering, Electronics and Telecommunications Engineering, Computer and Information Security, Computer Security, and/or Network Engineering.

Experience:

• 8 years’ experience out of which 4 years should be in progressive experience in Information Security related roles. 2 years of experience in managing network and Security components, including firewall, intrusion detection/prevention systems, anti-malware products, Audit, forensics tools, data encryption, VPNs, vulnerability scanners, multiple operating systems (Windows, UNIX, Linux, etc.), and directory services like Active Directory. And 2 years’ data/network/information system assurance management and system design, information security assessments, and Information Assurance Vulnerability Alerts management.

Competencies/ Personal attributes

• Management skills to manage one or more large, complex projects simultaneously
• Strong communication and interpersonal skills (includes negotiation)
• Excellent written and verbal communication skills – must be able to communicate fluently in English both verbally and in writing
• Proven ability to manage the idea-incubation lifecycle at all stages – from initial idea, to requirements, to planning, through to delivery and project completion
• Excellent time management skills, ability to efficiently prioritize and multitask, and work under pressure to meet deadlines and team objectives
• Excellent organizational, analytical, written, and verbal communication skills with the ability to multi-task and follow through on projects to completion
• Ability to interact and empathize with internal and external teams, demonstrating the ability to act as a value add partner for those teams
• People skills and the ability to communicate effectively with various clients with the ability to explain and elaborate on technical details
• Ability to solve challenging problems both individually and through team work.
• Having strong team leader & interpersonal communication skills.
• Shows integrity, commitment, willingness, and push for high standards of work quality.
• Having proactive, flexible and problem-solving skill.
• Being creative and strategic thinker.
• Having strong leadership skill.

Technical skills

• Knowledge of information security principles, including risk assessment, Audit and management, threat and vulnerability management, incident response, and identity and access management
• Knowledge of disaster recovery, computer forensic tools, technologies and methods
• Strong knowledge of TCP/IP and network administration/protocols
• Knowledge of IT security principles
• Knowledge of information security best practices
• Knowledge of threat mitigation technologies and techniques
• Advanced knowledge of Data Loss Prevention and Endpoint Protection
• Knowledge of network security, application security, database administration, programming, systems analysis procedures, database software and operating systems
• Knowledge of network protocols (SSL, DNS, NTP, Syslog, SMTP, SNMP, Radius, and LDAP)
• General knowledge of operating Cloud Computing environments and security issues related to those environments
• Knowledge of MS SQL Server and comfortable with automating tasks in a MS SQL Server DB environment
• Expert knowledge of analysis and problem-solving principles with emphasis in user relations, data gathering techniques, and management information applications to IT staff in order to perform and teach others. Serves as a resource to others in the resolution of complex problems and issues involving Internet connectivity and security

Knowledge, Skill and Experience:

• Have IT managerial experience
• International exposure.
• Have good understanding on IT professional certificates, working culture and career development.
• Project management experience
• Background in sales and customer service is a plus
• Proficient in CRM/project management.
• Strong organizational and multitasking skills
• Customer-oriented approach
• Excellent verbal and written communication abilities

Desirable Trainings

• Project/ program management and leadership & top level management related training

Languages

• Fluency in spoken and written English.
• Desired Criteria (An Asset)
• Cyber Security and Audit Certifications like CISM, CISA, CISSP, CEH, CPT etc