Jobs at GVA Partners

An exciting opportunity exists for a highly skilled IT security engineer to join a dynamic project team. The resource shall be responsible for the following

• Carry out procedural system maintenance on all IT systems.
• Ensure all networks including but not limited to LAN, MAN, WAN, GAN meets the demand of the company.
• ·roubleshoot system and network problems, diagnosing and solving hardware or software faults and replace parts as required.
• Maintain all IT system work flows.
• Maintain and update all IT Networks.
• Maintain and contribute to the development of IT Network.
• Participate actively in developing, planning and implementing advance IT systems.
• Other duties as assigned.

Functions:

• Lead cybersecurity initiatives in conjunction with Group Cybersecurity team.
• Design and implement security controls to safeguard and monitor events for information systems, enterprise applications and data.
• Lead the implementation of Information Security projects
• Drive internal and external vulnerability assessment, penetration tests engagements and manage results to remediation.
• Respond to escalated security events and drive security incident response processes to ensure timely resolution with minimal disruption.
• Design, document, and deploy secure infrastructure solutions to enhance and evolve the security posture of the business to ensure integrity, availability and confidentiality of all critical enterprise data.
• Provide expertise on security tools, including but not limited to firewalls, Web Application firewalls, IDS/IDP, anti-malware software
• Liaise with stakeholders in respect of operational implementation of security policies and best practices
• Collaborate with the Client Server Team to ensure that technical plans are practical, controls are sustainable, and implementations are managed to minimize risks and adverse impact to servers, workstations and user productivity.
• Implement the infrastructure, configurations and processes to monitor security related events
• Prevent data loss and service interruptions by researching new technologies that will effectively protect the enterprise network.
• Guard all company data, particularly sensitive data, from both internal and external threats by designing broad defenses against would-be intruders
• Take the lead on day-to-day monitoring for unusual activities, implement defensive protocols, and report incidents
• Collaborate with other members of the cybersecurity team to develop new protocols, layers of protection, and other both proactive and defensive systems that stay one step ahead of cyber criminals
• Maintain security guidelines, procedures, standards and controls documentation
• Maintain a working knowledge of current cybercrime tactics

Supervisory/Managerial responsibilities:

• Ensure conformance to Cybersecurity Blueprint/Roadmap
• Provide inputs to company strategic plan on all initiatives to ensure that Security gaps/vulnerabilities are identified & closed
• Establish and ensure credibility through strong relationships, value-add to operations and professionalism

Experience:

• 3 - 5 years’ experience in an area of Security specialisation; with experience working with others
• Experience working in a Large organization and preferably in the Telecommunications industry
• Strong background as an Engineer/Architect in application security infrastructure and various network technologies to include devices such as firewalls, VPN, intrusion/extrusion detection, vulnerability & risk assessment tools, encryption technologies, virus/worm/malware prevention, E-business and web application technologies, Data Loss Prevention, whole disk & device encryption solutions, two-factor authentication, common Windows (desktop & server) platforms,
• Experience with Microsoft, Solaris, Unix, Oracle and MS SQL
• Experience working in telecommunications industry
• Managing network and / or network security
• Knowledge should be current with information security best practices and global trends
• Knowledge of security best practices such as; defense in-depth, least privileges, need-to-know, separation of duties, access controls, encryption
• User account identity, authorization and authentication management.
• Security incident and event management
• Experience in researching new or emerging technologies and processes that may be incorporated as solutions to reoccurring security concern

Training:

• Penetration Testing
• Vulnerability lifecycle management
• Advanced Security Incidence Reponse
• Systems Auditing,, Database Security, Firewall Design, Intrusion detection system administration Implementation
• Security enforcement on systems level, security audit and vulnerability management
• Telecommunications, Network, wireless & Internet Security

go to method of application »

Summary of Functions

• Tailoring the SIEM solution to unique infrastructure and business needs
• Monitor the overall performance of security systems depicted in appendix A
• Identity and Access Management Monitoring/Alerting
• Endpoint monitoring
• Constantly oversee and analyze security defenses per on-prem and cloud infrastructure
• Participate in the delivery of cybersecurity operations through vulnerability and threat identification, incident detection and response, forensic investigations, Patch and Vulnerability Management. Engage with infrastructure and applications teams in mitigation and remediation efforts.
• Maintain key metrics that are indicative of the security posture of the infrastructure.
• Keep abreast of threat intelligence feeds to stay abreast of industry reports and emerging threat that may affect.
• Produce Executive Dashboard Security reporting showing actionable insights from IT Security monitoring tools
• Engage with other IT units, where applicable, to establish and enforce security best practices, protection objectives, and process improvements.

Education, Experience, and Skills required

• Bachelor’s degree/HND in Computer Science, Information Technology or Cybersecurity related field
• Minimum of 7 years of experience in Cyber security, with at least 5 years of working as SOC Analyst
• Experience with Windows/Unix/Linux Operating systems with a focus on cybersecurity
• Relevant industry certifications (i.e. CISSP, CASP+ CEH, GCIH, GCIA, OSCP)
• Experience with SIEM (Arcsight), EDR (Falcon Crowdstrike, Packet Analysis, HIPS/NIPS, Network Monitoring tools, Service Now Ticketing, Web Security.
• Communicates clearly with diverse technical and business owners.
• Familiarity with regulations and frameworks such as NIST, PCI, ISO 27001

go to method of application »

Summary of Functions

• Work with the cybersecurity operations team to protect assets from unauthorized access, unauthorized data alteration or denial of service through vulnerability and threat identification, incident detection and response and forensic investigations.
• Review and make recommendations regarding on-prem, datacenter and cloud infrastructure, networking and security settings and posture
• Create and maintain key metrics that are indicative of the security posture of the infrastructure.
• Keep abreast of threat intelligence feeds to stay abreast of industry reports and emerging threat that may affect the firm.

Education, Experience, and Skills required

• Bachelor’s degree/HND in Computer Science, Information Technology or Cybersecurity related field
• 4+ years of experience in Cybersecurity
• 2+ years of experience as a SOC/Forensic analyst supporting cybersecurity incident response.

go to method of application »

SUMMARY OF FUNCTIONS

• Drive the Automation of the Security Baseline configuration using Enterprise tools Puppet, Ansible.
• Manage the Database security program including onboarding, discovery, use cases, upgrades & regular assessments. Tool is Imperva.
• Based on the nature of security threats perceived, assesses and establishes mitigating steps to ensure appropriate treatment and escalate as appropriate.
• Co-ordination of security systems disciplines in the face of active threats.
• Provides expert technical insight and industry perspective in the creation, delivery, and integration of complex and comprehensive security solutions and architecture.
• Collaborates and acts as a security architecture liaison with other IT areas and to design and/or recommend new security solutions as needs arise.
• Liaise with other relevant functions to facilitate the timeous closure of incidents and vulnerabilities.
• Ensure Security controls are regularly evaluated as part of the Security Assessment program with proposed remedial actions to address noted baseline variances.
• Support the implementation of risk assessments exercises across the Information Technology function in order to trap and highlight information security weaknesses and advice on controls to mitigate those risks.
• Implement standards for testing methodologies, techniques and procedures and conduct robust quality standard programme.
• Lead IT Controls Assessments and compliance exercises.
• Support controls design for Operating systems, Applications & Database Security, implementation, assessments & reporting.
• Monitor compliance to Information security policies, procedures and standards via a robust information security program/plan depicting continuous planned and ad-hoc audit and review exercises.
• Liaise with other relevant functions/stakeholder to implement information security.
• Manage escalating issues (within the information security domain) along with relevant stakeholders.
• Maintain key metrics that are indicative of the security posture.
• Produce Executive Dashboard Security reporting showing actionable insights from IT Security monitoring tools.

EDUCATION, EXPERIENCE & SKILLS REQUIRED

• Minimum of First Degree in Computer Science, Engineering, Information Technology/Systems or any related discipline preferred.
• Minimum of 5 years of experience in Cyber security or roles with a focus on Application, Operating systems & Database security.
• Experience with Windows/Unix/Linux Operating systems with a focus on cybersecurity Relevant industry certifications (i.e. CISSP, CISA, CRISC, CISM, COMPTIA+, Imperva Database administrator, Puppet practitioner, CASP+ CEH, GCIH, GCIA, OSCP)
• Experience with SIEM (Arcsight), EDR (Falcon Crowdstrike, Packet Analysis, HIPS/NIPS, Network Monitoring tools, Service Now Ticketing, Database Security.
• Technical experience around Identity Access Management, Controls configuration management & automation using Puppet/Ansible/Chef, Vulnerability assessments and treatment, Technical systems baseline governance & Implementation.
• Proven experience with best practices, frameworks & standards implementation across technology stacks, Auditing across varying technology, integrating log sources to a SIEM and offense/alerts tuning.
• Proven experience in penetration testing & Use of offensive Security Red team tools.
• Proven experience in business continuity & use of defensive Blue team tools.
• Proven experience in identifying, developing, implementing and evaluating risk response options & providing management with information to enable risk response decisions.
• Experience in identifying requirements, developing architectures, and deploying enterprise Security architecture, ensuring that the implementation adheres to standards and best-practices.
• Mastered the principles of how business strategy drives Security.
• Excellent negotiation and facilitation skills is critical to this role: (Able to convey and sell ideas and strategies to stake holders).
• Knowledge of SQL is desirable – minimum Intermediate.
• Experience with database security administration tools, security assessments and secure database configuration.
• Knowledge & Implementation of best practices & Hardening frameworks, DISA, CIS, NIST, ISO, PCIDSS etc.