Infrastructure Security Engineer - Victoria Island, Nigeria - GVA PARTNERS LIMITED

Description

SUMMARY OF FUNCTIONS

• Drive the Automation of the Security Baseline configuration using Enterprise tools Puppet,

Ansible.

• Manage the Database security program including onboarding, discovery, use cases, upgrades &

regular assessments. Tool is Imperva.

• Based on the nature of security threats perceived, assesses and establishes mitigating steps to

ensure appropriate treatment and escalate as appropriate.

• Co-ordination of security systems disciplines in the face of active threats.
• Provides expert technical insight and industry perspective in the creation, delivery, and integration

of complex and comprehensive security solutions and architecture.

• Collaborates and acts as a security architecture liaison with other IT areas and to design and/or

recommend new security solutions as needs arise.

• Liaise with other relevant functions to facilitate the timeous closure of incidents and

vulnerabilities.

• Ensure Security controls are regularly evaluated as part of the Security Assessment program with

proposed remedial actions to address noted baseline variances.

• Support the implementation of risk assessments exercises across the Information Technology

function in order to trap and highlight information security weaknesses and advice on controls to
mitigate those risks.

• Implement standards for testing methodologies, techniques and procedures and conduct robust

quality standard programme.

• Lead IT Controls Assessments and compliance exercises.
• Support controls design for Operating systems, Applications & Database Security, implementation,

assessments & reporting.

• Monitor compliance to Information security policies, procedures and standards via a robust

information security program/plan depicting continuous planned and ad-hoc audit and review
exercises.

• Liaise with other relevant functions/stakeholder to implement information security.
• Manage escalating issues (within the information security domain) along with relevant

stakeholders.

• Maintain key metrics that are indicative of the security posture.
• Produce Executive Dashboard Security reporting showing actionable insights from IT Security

monitoring tools.
EDUCATION, EXPERIENCE & SKILLS REQUIRED

• Minimum of First Degree in Computer Science, Engineering, Information Technology/Systems or

any related discipline preferred.

• Minimum of 5 years of experience in Cyber security or roles with a focus on Application, Operating

systems & Database security.

• Experience with Windows/Unix/Linux Operating systems with a focus on cybersecurity Relevant

industry certifications (i.e. CISSP, CISA, CRISC, CISM, COMPTIA+, Imperva Database administrator,
Puppet practitioner, CASP+ CEH, GCIH, GCIA, OSCP)

• Experience with SIEM (Arcsight), EDR (Falcon Crowdstrike, Packet Analysis, HIPS/NIPS, Network

Monitoring tools, Service Now Ticketing, Database Security.

• Technical experience around Identity Access Management, Controls configuration management &

automation using Puppet/Ansible/Chef, Vulnerability assessments and treatment, Technical
systems baseline governance & Implementation.

• Proven experience with best practices, frameworks & standards implementation across

technology stacks, Auditing across varying technology, integrating log sources to a SIEM and
offense/alerts tuning.

• Proven experience in penetration testing & Use of offensive Security Red team tools.
• Proven experience in business continuity & use of defensive Blue team tools.
• Proven experience in identifying, developing, implementing and evaluating risk response options

& providing management with information to enable risk response decisions.

• Experience in identifying requirements, developing architectures, and deploying enterprise

Security architecture, ensuring that the implementation adheres to standards and best-practices.

• Mastered the principles of how business strategy drives Security.
• Excellent negotiation and facilitation skills is critical to this role: (Able to convey and sell ideas and

strategies to stake holders).

• Knowledge of SQL is desirable – minimum Intermediate.
• Experience with database security administration tools, security assessments and secure database

configuration.

• Knowledge & Implementation of best practices & Hardening frameworks, DISA, CIS, NIST, ISO,PCIDSS etc.