Information Security Senior Vulnerability Analyst

Job Description

KEY ACCOUNTABILITIES<br><br>Description<br><br>1. Analyse organization’s cyber defence policies and configurations and evaluate compliance with regulations and organizational directives.<br>2. Maintain deployable cyber defence audit toolkit (e.g., specialized cyber defence software and hardware) to support cyber defence audit missions.<br>3. Maintain knowledge of applicable cyber defence policies, regulations, and compliance documents specifically related to cyber defence auditing.<br>4. Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.<br>5. Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).<br>Policies, Processes &amp; Procedures<br>6. Follow all relevant department policies, processes, standard operating procedures and instructions so that work is carried out in a controlled and consistent manner.<br>Day-to-day Operations<br>7. Follow the day-to-day operations related to own jobs in the department to ensure continuity of work<br><br> <br>QUALIFICATIONS, EXPERIENCE &amp; SKILLS<br><br> <br>Qualifications &amp; Experience:<br><br>• BSc is a must, MSC is preferable.<br>• 2-4 years experience working within the information security field<br>• Good communication skills (English, Arabic)<br>• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defence-in-depth)<br>• Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL])<br>• Knowledge of application vulnerabilities<br>• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).<br>• Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.<br>• Knowledge of penetration testing principles, tools, and techniques.<br>• Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems<br>• Skill in the use of penetration testing tools and techniques.<br>• Skill in using network analysis tools to identify vulnerabilities (e.g., fuzzing, nmap, etc.).<br>• Skill in conducting application vulnerability assessments. <br>• Proficient in preparation of reports, dashboards and documentation.<br> <br>Skills:<br>• Excellent communication and leadership skills.<br>• Ability to handle high pressure situations with key stakeholders.<br>• Good Analytical skills, Problem solving and Interpersonal skills.<br>• Working knowledge and experience with MS office.