{bc}
linkedin

Senior IT Cyber Security Assurance and Risk Specialist

ENEC Operations
Abu Dhabi Emirate, UAE
Full Time
Senior
Yesterday
Penetration TestingVulnerability AssessmentSecurity Architecture ReviewRisk AssessmentMetasploitNmap
Free

Job Fit Check

Base Career helps you apply smarter for this job.

?%
Ready to Scan

Key skills for this role

Penetration TestingVulnerability AssessmentSecurity Architecture Review
Smart Apply

Full Job Posting

Role Overview

  • Lead the continuous improvement of effective protection to ensure the protection of information systems from unauthorized disclosure or modification.
  • Coordinate with system owners and internal stakeholders to ensure the improvement of ENEC security posture.

Penetration Testing

  • Scope and perform penetration testing on systems, networks, and applications to identify vulnerabilities.
  • Utilize manual and automated testing methods to find and exploit code flaws, misconfigurations, and insecure software.
  • Use penetration testing tools and frameworks such as Metasploit, Nmap, Nessus, Burp Suite, Wireshark, Aircrack ng, SQLmap, Tenable, John the Ripper, Hydra, OWASP ZAP, SOAP UI, Echo mirage etc.
  • Write clear and concise penetration testing reports detailing findings and recommendations.

Security Architecture Design

  • Conduct the design reviews of Cyber security system or major components of an IT Cyber security system.
  • Identify gaps and recommend ways to improve system security to ensure secure design of the solution.

Administration

  • Prepare and report on agreed key performance indicators for the Section in support of the line manager including IT vulnerability report.
  • Supports the personnel department and all correlation functions such as Information security in reporting and recommending enhanced security solutions.
  • Ensure all Action Requests (ARs) are monitored, reviewed, actioned, and closed within agreed time parameters.
  • Assists the Head of Information Security Assurance in the preparation of the annual section budget.
  • Review and update policies and procedures as part of the periodic review as instructed by line management.

Vulnerability Management & Security Assessments

  • Perform On demand and scheduled security assessments on enterprise solutions.
  • Perform Red team activities including but not limited to exploitation of identified vulnerabilities, perform breach attack simulations, phishing campaigns, collaboration with blue team to improve monitoring and defense measures.
  • Lead the vulnerability management program by performing scheduled and on demand vulnerability assessments, vulnerability reporting, vulnerability prioritization, provide recommendations for remediation of identified vulnerabilities, validate remediation of mitigated vulnerabilities.
  • Perform Secure Architecture Reviews for upcoming projects.
  • Conduct technical investigations of cybersecurity events and incidents, designing and recommending effective mitigations.
  • Stay updated on the latest security trends, threats, and technologies.
  • Provide technical guidance and support to IT teams on security related matters.
  • Keep cybersecurity training and knowledge current by monitoring the latest security threats and vulnerabilities.

Risk Assessment & Management

  • Conduct comprehensive risk assessments of the organization’s information systems and infrastructure.
  • Identify, assess, and prioritize risks to ensure effective mitigation strategies are developed and implemented.
  • Conduct regular risk assessments and vulnerability assessments.
  • Identify and mitigate potential security threats to the organization's information systems.
  • Maintain and update the organization's risk register and tracks the risk entered.
  • Perform threat modelling to anticipate potential security threats and vulnerabilities.
  • Collaborate with business units to understand their risk tolerance and develop appropriate risk mitigation plans.
  • Conduct third party risk assessments to evaluate the security posture of vendors and partners.
  • Monitor and review security controls to ensure their effectiveness in mitigating risks.
  • Stay informed about emerging threats and vulnerabilities to proactively address potential risks.

Stakeholder Engagement

  • Support audits and inspections with applicable data and information as required and follow up any remedial actions.
  • Engage with system vendors, collect prerequisites, obtain updated files, and oversee vendors during the implementation of system updates.

Education and Experience

  • Bachelor’s Degree in Cybersecurity, Information Security, or relevant field.
  • 5 years of relevant experience.

Certification

  • CEH, OSCP, GCIH, GPEN.

Apply for this job in 1 click

Skip the repetitive application forms

Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.

Sarah M.James T.Maya R.

Trusted by over 500,000 job seekers on Base Career

Start Free Today

More from this employer

More jobs at ENEC Operations