Information Security Engineer

1. Under general supervision implements the design of a complex unified cyber security program in Nesma Telecom & Technology.
2. Provides highly technical security expertise and support related to alarms and monitoring devices.
3. Manages the various security projects including performing impact diagnostics on existing technology projects.
4. Evaluates business and technical security requirements; driving the selection, prototyping and implementation of applications and technical solutions; and effectively communicating inherent security risks to non-technical users and administrators
5. Coordinates and implements enterprise design and remediation solutions based on gathered statistics.
6. Responsible for analyzing and testing attack and penetration of Internet infrastructure and Web-based applications utilizing manual and automated tools.
7. Performs other duties as assigned within the scope of the qualifications.
8. Strong, hands-on approach to ensuring secure development and engineering practices across multiple internal teams by leading by example. Persons in this role will help reduce risk, threats, and vulnerabilities in Nesma’s Applications, Cloud, Networks, and associated web services.

Knowledge of:

Information security tools such as Nessus, Kismet, Airsnort, NMAP, Ethereal, WebInspect, Nikto or similar. Knowledge of information system architecture and security controls, such as firewall and border router configurations, operating systems configurations, wireless architectures, databases, specialized appliances and information security policies and procedures.

Technical knowledge of UNIX, Linux and Windows operating systems. Technical knowledge of IDS/IPS, vulnerability assessment tools, remote access methodologies, log management tools, firewalls, cryptography and digital certificates. Surveillance, Access Control and related Alarm Systems. Methods and techniques of networking protocols and remote access. Cyber security issues and impact, and can readily identify potential threats. Knowledge of Industry Standards, eg, ISO, NIST and other Related Security Standards.

Skilled in:

Performing manual techniques to exploit vulnerabilities in the OWASP top 10 including but not limited to cross-site Scripting, SQL injections, session hi-jacking and buffer overflows to obtain controlled access to target systems.

Performing network traffic forensic analysis, utilizing packet capturing software, to isolate malicious network behavior, inappropriate network use or identification of insecure network protocols.

Analyzing and testing attack and penetration of Internet infrastructure and Web-based applications utilizing manual and automated tools.

Preparing clear and concise reports and documentation.

Application source code security review.

Communicating clearly and concisely, both orally and in writing.

Establishing and maintaining effective working relationships with those contacted in the course of work.

Computer Science, Computer Information Systems, Information System Technologies, Management Informat