Information Security Engineer (ISE)

Job Description

<p><strong>ABOUT SSH</strong></p><p>SSH is one of the leading master planning, infrastructure, building design and construction supervision firms in the Middle East, with a reputation for design integrity and a portfolio that includes landmark projects throughout the region. The firm maintains offices in Abu Dhabi, Algeria, Bahrain, Dubai, Kuwait, London, Oman, Saudi Arabia, Egypt, Sub-Saharan Africa, and North Africa.</p><p><br></p><p><strong>Job Summary:</strong></p><p>Responsible for the ownership of Information Security within the SSH Enterprise, ensuring that staff, consultants, and 3rd parties comply with ratified information security policies and procedures. </p><p>The ISM will manage the IT risk register, information security audits, accreditation activities, Enterprise Continuity Plans (ECPs) and security implementation.</p><p><br></p><p><strong><span class=”ql-cursor”> </span>Key Responsibilities </strong></p><ul><li>Information security Support to provide safekeeping of the company’s information asset integrity.</li><li>Maintain systems plus controls to protect unauthorized access, disclosure, modification and deletion of information through resources and computer networks.</li><li>Interact with business technical specialists to guide authentication, authorization, and encryption solutions.</li><li>Interact with business units about varying business and technical plans.</li><li>Ensure information security issues are actioned and responded to during the initial stage of the project life cycle.</li><li>Investigate known and suspected information security events and develop related reports.</li><li>Recommend changes in legal, technical and regulatory areas to managers affecting IT and computer offences.</li><li>Perform as technical security advisor or analyst for company initiatives to analyze new technologies for program conformance.</li><li>Test solutions effectively utilize industry-standard analysis criteria involving delivering technical reports and formal papers on test findings.</li><li>Revise IT-related purchase specifications for software, hardware or services.</li><li>Ensure to procure sufficient security requirements adhering to system sensitivity.</li><li>Conduct hardware and software security alert analysis as available.</li><li>Resolve issues by responding to IT threats and vulnerabilities.</li><li>Ensure changes in software, hardware, facilities, telecommunications, and user needs to ensure security is not degraded.</li><li>Conduct routine security risk analysis, evaluate business needs against collision, vulnerabilities and search resulting risks.</li><li>Maintain the Information Security Management System (ISMS) by retaining ISO 27001 accreditation requisites which align with information security best practices, standards, controls, policies, and procedures.</li><li>Communicate Acceptable Use Policy (AUP) to ensure staff understands their responsibilities for information security.</li><li>Maintain and track a list of exceptions to information security policies and risks to ensure mitigation or formal risk acceptance.</li><li>Develop and plan information security projects by monitoring all related activities’ implementation and integration stages to achieve the desired outcome.</li><li>Work with IT operations and suppliers to promote and support the proactive Identification and assessment of Information Security risks within IT Services and Infrastructure.</li><li>Own information security problems, register vulnerabilities and coordinate to mitigate and reduce risk.</li><li>Act as the central point of contact during the annual audits ensuring information and IT observations resolved</li><li>Responsible for the Enterprise Continuity Planning (ECP) process to include Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) strategies. </li><li>Plan, develop and deliver security awareness training to all staff and management.</li><li>Communicate across disciplines, divisions, and regions in support of the Identification and assessment of information security vulnerabilities to reduce the impact of risk.</li><li>Conduct investigations following security incidents by conducting root cause analysis and recommending solutions to prevent the breach from happening again.</li><li>Responsible for the planning, design and build of security architectures; oversees the implementation of network and computer security and ensures compliance with corporate cybersecurity policies and procedures.</li><li>Monitors cybersecurity requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related network devices.</li><li>Perform security assessments of applications and systems using penetration and vulnerability testing and risk analysis.</li><li>Configures and installs firewalls and intrusion detection systems.</li><li>Implements software fixes (patches) to remove system vulnerabilities.</li><li>Responds immediately to cybersecurity-related incidents and provides a thorough post-event analysis.</li><li>Investigates intrusion incidents and conducts forensic investigations. </li></ul><p><br></p><p><strong>Skills</strong></p><ul><li>Secure software development principles</li><li>APIs (including data integration</li><li>Enterprise computing environments, including application architectures, network and application protocols and database reporting.</li><li>Monitoring tools (e.g., New Relic, Splunk ITSI)</li><li>SSO, LDAP and other basic authentication integrations, Gitlab or other code management/version control platforms, Cloud Platforms (Azure), </li><li>Lifecycle Management tools, Application Security Testing tools</li><li>Vulnerability Management, including knowledge about the process and activities required in vulnerability scanning, Identification and reporting through to vulnerability remediation.</li><li>Design, develop and implement scalable, elastic microservice-based platforms.</li><li>OAuth token-based authentication protocol</li><li>Cloud-native development (Azure) and or other solutions in use</li><li>Cloud Services such as Azure or Google Cloud, or similar</li><li>REST APIs and Web functionalities</li><li>Unit testing or Automated integration testing</li><li>Secure Development Lifecycle</li></ul><p></p>