CYBER DEFENSE SECTION HEAD
Education and work experience:
- A bachelor's degree in Computer Science, Information Systems, Information Technology, or a related field. A Master of Science (MS) in Information Security is preferred.
- 6 or more years of paid work experience in IT, telecom, cybersecurity or a related field, and 3+ years of event and/or incident response experience in a cyber operations environment; the experience may be concurrent.
- Manage, run and maintain the Cyber Security Operations in line with KPO Strategy and KPO Cyber Security Strategy.
- Manage the following functions on a daily basis, ensuring smooth operations, including designing, developing and implementing processes and tools for Cyber Incident Response, Identity and Access Management, Threat Monitoring and Vulnerability Management, the Security Operations Center, and perimeter protections including Intrusion Detection System (IDS)/Intrusion Prevention System (IPS)/Cloud Access Security Broker (CASB)/firewalls/honeypots, etc., as Line of Defense 1 (LOD1).
- Deliver strategic reports and strategies to minimize the impact of cyber threats as required by the Cyber Leadership. Take responsibility for the operation of the whole Cyber Security Operations Centre (CSOC) function in close collaboration with the PCN/PCD team.
Necessary knowledge and skills:
- Knowledge of common information security management frameworks, such as ISO/IEC 27001 and those of the National Institute of Standards and Technology (NIST).
- Strong technical understanding of data and application security, operating system internals and network protocols.
- Practical knowledge in system technology security testing (vulnerability scanning and penetration testing).
- Strong knowledge of cyber security operations concepts, cyber threat and vulnerability management processes and Cyber Security Operations Centers (CSOC), including associated managed service providers.
- Extensive security operations, incident response, incident detection, malware detection, and threat response hands-on knowledge.
- A strong understanding of the business impact of security tools, technologies and policies.
- Hands-on knowledge in forensic activities and tools.
- In-depth knowledge of Information Security, SIEM management, Incident Response, Risk mitigation, and Infrastructure Protection tools and processes.
- A solid understanding of log and monitoring management systems, security event monitoring systems, threat intelligence, network-based and host-based intrusion detection systems, firewall technologies and endpoint detection and response (EDR) solutions.
- Demonstrated hands-on knowledge of managing and ensuring the timely response to, triage and investigation of security events and incidents.
- Knowledge of English language at intermediate level or higher.