Analyst, Cyber Security & Penetration Testing (Information Technology)

Introduction

You will be responsible to assist in managing the global information security and to protect AKU's enterprise infrastructure, information and business continuity globally through strong and effective security practices. You would also need to ensure that adequate and effective security processes and controls are followed and aligned to deliver compliance with security policy and regulatory requirements of each region.

Responsibilities

Specifically, you will be responsible to;

• Conduct routine security reviews of networks, infrastructure, identify gaps, report issues to concerned units and management and tracking for timely closure.
• Review audit logs of servers, network equipment and firewalls on a monthly basis.
• Review QRadar SIEM logs on a daily basis to detect and identify cyber-attacks. Monitor for security breaches and investigate a violation when one occurs. Prepare reports that document security breaches and the extent of the damage caused by the breaches. Assess and respond to network security events and alerts identified through SIEM (QRadar).
• Evaluate and recommend new security technologies, and counter measures against threats to information or privacy globally. 
• Coordinate with IT and business on security concerns for network, infrastructure and various projects.
• Conduct internal and external vulnerability assessments and penetration tests on a regular basis
• Manage and drive remediation efforts related to security incidents, vulnerability assessments and penetration tests for all campuses.
• Ensure implementation of Security Incident and Threat Response process.
• Deployment and operations of Data Leakage Protection solution.
• Identify/recommend tools, processes, software, and hardware to improve or replace current security infrastructure practices, services, or technologies used globally to meet future requirements.
• Conduct and organize internal and intra-departmental trainings related to Information Security
• Ensure that appropriate measures have been taken to protect all AKU digital information assets from all kind of malicious software. For example, malware, viruses, worms, Trojans, etc.
• Conduct information security risk assessments for all new products/deployments (networks, infrastructure, firewalls etc.)
• Actively participate in the Security Incident Response Team (SIRT).
• Review configurations of network devices: Firewalls, Intrusion Detection Systems, Intrusion Protection Systems, network switches, network routers, VPN implementations for security perspective.
• Implement data encryption policy and procedure to ensure all confidential information is encrypted while in transit or at rest.
• Identify security weaknesses and/or gaps in the current IT infrastructure and operations and work with other teams to bring information security operations up to standards AKU wide.
• Understands the business activities performed by AKU, and suggests appropriate information security solutions that adequately protect these activities AKU- wide.

Requirements

• Bachelor's degree or equivalent in Computer Science, Computer Engineering, Information Security or related field. Advance degree highly preferred.
• At least six (6) years extensive hands-on technical experience in infrastructure and networks security, operating systems (Windows/Linux), vulnerability assessments, penetration testing and network security assessments.
• Ability to work independently with infrastructure and network teams, and assist them in evaluating and implementing security solutions.
• Network and security certifications such as CCNA, CCNP, CISM, CEH, MCSE, and CISSP etc. would be a plus.
• Good knowledge of Information Security and IT standards including but not limited to ISO 27001:2013, PCI-DSS, NIST, HIPAA, COBIT, and ITIL etc.
• Demonstrated experience with incident management. Ability to administer incident response planning and investigation process of security breaches globally, and facilitate the management with disciplinary and legal matters associated with such breaches as necessary.
• Ability to perform security risk assessments, penetration tests, vulnerability scans, and critical practice assessments and identify information security weaknesses and/or gaps in the current operations is a must.
• Experience in any Big 4 professional services firm would be a plus.
• Ability to work with third party firms and consultants to conduct independent security audits, vulnerability scans, and penetration tests.
• Ability to work with other departments and vendors to supervise AKU-wide information security requirements are incorporated into the rollout of new systems.

Application Process

​Please send your resume at human.resources@aku.edu and mark the subject with position number 10031401. Only shortlisted candidates will be notified.