Security Engineer

Injazat, a G42 company , empowers organizations to optimize their business
goals utilizing cloud and emerging technology solutions (Digital
Transformation, Cloud, and Cyber Security.), by co-creating transformational
digital platforms and services through public-private partnerships (PPP).
Partners include Oracle, Microsoft, ServiceNow, etc.

Injazat is a National Technology Champion , offering end-to-end digital
solutions through partnerships with our clients to build digital businesses
focused on great experience and outcomes. From Abu Dhabi, Injazat orchestrates
a wide ecosystem that brings technical design, human design, and business
design together to create digital solutions and businesses that advance
communities and delight those living in them. Injazat is an industry-
recognized market leader in the region for Digital Transformation, Cloud,
and Cyber Security.
JOB LOCATION: Saudi Arabia
Job Objective: Responsible for Injazat's Cybersecurity operations
involving monitoring, planning, organizing, coordinating, and providing
security guidance for IT operations in the performance of security functions,
as well as coordinating the activities of security, information safety and
related functions.
Day to Day Operations
* Participate in security incident response team activities, providing and implementing tactical risk mitigation to incidents
* Oversee incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary
* Analyze log files and report breaches including potential security solutions
* Perform preliminary and secondary analysis, validate events, and escalate to management if events deem additional response action
* Provide vulnerability and threat management monitoring and mitigation response
* Oversee and coordinate security efforts across the group, including information technology, human resources, communications, legal, facilities management and other groups, to identify security initiatives and standards
Security Administration
* Actively protect the availability, confidentiality, and integrity of customer, employee, and business information.
* Work with other security team members to review security architecture and design documents to ensure consistency, accuracy and compliance with the articulated security posture and industry requirements.
* Monitor multiple security technologies, such as IDS/IPS, syslog, file integrity, vulnerability scanners
* Correlate and analyze events using the Security Information and Event Management (SIEM) tool to detect security incidents
* Validate vulnerability assessment results and eliminating false positives
* Develop recommendations for security issues and vulnerabilities identified during assessments
* Participate in tactical and operational planning of vulnerability assessment activities
* Contribute to security team effectiveness by accomplishing additional security related results as needed
* Conduct network and web-based application penetration tests
* Conduct physical security assessments
* Conduct logical security audits and hands-on technical security evaluations and implementations
* Develop subject matter expertise of focused capabilities in the topics of database security, wireless security, or application and development security
* Conduct wireless security assessments
* Conduct social engineering assessments
* Develop tools to increase the level of automation for security assessment methodologies
* Provide ongoing subject matter expert support for the client
* Proactively assess potential items of risk and opportunities of vulnerability in the network.
* Execute the development and implementation of security policy, standards, guidelines and procedures to ensure ongoing maintenance of security.
* Work with other executives to prioritize security initiatives and spending based on appropriate risk management methodology.
* Maintain and execute compliance in regards to ISO ‎27001 certification
* Execute Risk Assessment activities, including mitigation control selections, and identify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement
* Facilitate use of technology-based network security penetration tools or methodologies to review, design and/or implement products and services
* Develop and maintain an inventory of tools used by security center
Budgets and Plans
* Contribute to preparation of IT budget
* Recommend input to create annual budget and prepare budget vs. actual as requested
Continuous Improvement
* Motivate one's own team and identify opportunities to take part in change initiatives, programs and projects that reflect international best practice and changes in the competitive environment.
Policies, Processes & Procedures
* Recommend improvements to departmental policy and directs the implementation of procedures and controls so that all relevant procedural/legislative requirements are fulfilled while delivering a quality, cost-effective service to customers.
* Evaluate and update SOC policies and procedures as appropriate
MIS & Reports
* Prepare MIS statements and reports pertaining to department to meet INJAZAT's and the departmental requirements, policies, and standards.
Related Assignments
* Perform other related duties or assignments as directed.
Internal
* All Injazat employees and management
External
* Vendors and Suppliers
Minimum Qualifications:
* Bachelor's degree in technology, BCA, B. Tech
* Certificate preferred CEH, CISSP, Security
Minimum Experience:
* ‎5 to ‎8 years of experience in progressively more complex and responsible operational roles within a dynamic Enterprise function
* ‎2 to ‎3 years of experience in Saudi Market
Job-Specific Skills:
* Working experience in a SOC or NOSC environment
* Must have strong working knowledge of information technology, including applications, networks and systems.
* Knowledge in performing IT Audit reports
* Experience in performing Risk Assessments reports.
* Experience in developing Business Continuity Plans.
* Knowledge in the usage of vulnerability assessment and penetration testing tools
* Knowledge of security attacks techniques, familiar with MITRE ATT@CK framework
* Advanced understanding of business processes, internal control risk management, IT controls and related standards
* Experience in using MS Office, MS Visio
* Experience in project management, problem-solving, training/coaching, presentation skills, and conflict resolution skills.
* General knowledge of ISO ‎27001, ITIL or other control frameworks
* Experience in writing SOP's - operation manuals
* Independent, motivated, and ambitious personality