Information & Cyber Security (Consultant)
intelPRO
Total years of experience :17 years, 11 Months
• Perform Security Assessment and Penetration testing on new applications, network designs and existing environments
• Conduct regular threat modelling Gather requirements and current standards to overview technology and make recommendations
• Develop and review Use security project case and provide necessary justifications
• Perform threat hunting, malware analysis, indicator of Compromise (IOC) and Indicator of Attacks (IOA) assessment after cyber incidence with the SOC Team.
• Engaging with Incident Response and Security Operations team to discuss new threats pattern and attack techniques to improve intelligence gathering
• Conduct Malware Analysis, Information Gathering, Virus/ Trojan Assessment, Payloads, Exploits,
Key loggers & Antivirus Analysis
• Review and recommend adequate controls for Cyber Security Projects implementation for SIEM, SOC, Cloud infrastructures, NOC, DLP, Anti-Ddos Tools, and Deception Grid
• Perform periodic quality Risk assessments to ensure relevant processes and procedures are being performed as expected and planned, and provide recommendations for noted deficiencies.
• Regularly engaging functional leaders and business owners to ensure threat intelligence analysis and products are mapped to prioritized corporate assets and risks.
• Participate in technical discussions to facilitate the identification, mitigation and containment of cyber security risk
• Conduct researches on threat actors and TTPs, intrusion kill chain, cyber risks, and Intelligence and analysis methodologies.
• Experience in using various open sources and tools to research external threat actors and threat actor groups
• Using Power shell, python and ruby scripting to conduct regular review for security loopholes on Servers, Applications and Network infrastructures
• Conduct regular review of security policies, procedures and international standards in line with Data security policy and privacy requirements
• Design and communicate security tips and latest attack techniques to drive Awareness on new threat techniques and attack patterns
• Conduct risk based assessment and threat modelling on Project requirements and ensure controls are implemented correctly.
• Performed and provided end-to-end Security Architect engineering and threat management supports for Core Banking Application project
• Ensure adequate security processes, procedures and controls are followed and well implemented in line with UAE/KSA Cyber security frameworks and regulations
• Perform Security Vulnerability Assessment and Penetration testing on new and existing environments
• Plan architecture changes and help create project management recommendations
• Perform threat hunting, malware analysis and threat modeling
• Participate in project reviews, risk assessment, security requirements for Cloud Architectures (Amazon Web Services, Microsoft Azure) for implementations and Security assessments.
• Keep up-to-date on the latest security standards and enforcing compliance in line with Bank policies
• Document security procedures for LANs, WANs, Cloud requirements and VPNs projects in line with security best practices and bank policies.
• Conduct risk based assessment and threat modelling on Project requirements and implementation
• Address security issues during Data replication and application deployment
• Designing, build, test and implement Security systems within Emirates NBD
• Responsible for Security Architecture design review based on Zero trust, SABSA and TOGAF frameworks.
• Estimate and review budget and security requirements for projects and deliverables
• Designing, build, test and implement security systems within Emirates NBD for project on Authentication Services (Single sign-on, Multi factor authentication, Session and token authentication, Authorization Services (Privileged access, Roles, Rules and attributes)
• Conduct security review for User management Services (Provisioning, de-provisioning, Self-service and Delegation)
• Perform security reviews on directory Services (identity store, Directory Federation, Metadata synchronization and Virtual directory
• Reviewing time to time Applications and Network security controls, and providing recommendation for improvements
• Conducting regular system tests and ensuring continuous monitoring of network security devices
• Developing project timelines for ongoing system upgrades and implementations
• Ensuring all personnel have access to the IT system limited by need and role
• Establishing disaster recovery procedures and conducting breach of security drills
• Promptly responding to all security incidents and providing thorough post-event analyses
ROLES & RESPONSIBILITIES
•Execute IT Security Program to protect data and critical information technology resources from a wide range of threats in order to ensure business continuity, minimize the business risk, and maximize return on investments and business opportunities.
•Develop and deliver a portfolio of IT Security Management Programs that supports business objectives and INLAKS Customers
•Conduct Vulnerability Assessment, Ethical hacking and Penetration testing on Networks, Websites, Applications, and Database etc.
•Conduct breach assessment and threat hunting using open source and license tools
•Conduct security assessments for new and existing applications and services that will integrate into the IT systems and/or provide services for the INLAKS and her Customers.
•Apply an advanced knowledge of monitoring, analyzing, detecting, and responding to Cyber events and incidents within information systems and networks.
•Consult on integrated, dynamic Cyber defense and leverage Cyber security solutions to deliver Cyber security operational effects, including intrusion detection and prevention, situational awareness of network intrusions, security events and data spillage, and incident response actions.
•Lead staff on intelligence and counterintelligence collection through network analysis and reporting.
•Define, design and deliver IT security that takes into consideration business unit strategic goals, internal customer needs, and the overall technology strategy
•Maintain existing and define new information security policies as required
•Oversight and management of the Vulnerability Management Program for devices, Cloud infrastructures and applications that support the business
•Manage and contain information security incidents and events to protect organization assets, intellectual property, regulated data and the company's reputation.
•Provide Information Security awareness, education and training to employees to ensure an understanding of their role in protecting organizational data and systems
•Regularly evaluate industry trends, changes, innovations, and maturity to recommend and plan the introduction of new technologies. Stay abreast of technological developments to provide business partners with best in class economics for necessary infrastructure
•Oversee the selection testing, deployment, and maintenance of security hardware and software products as well as outsourced arrangements
•Manage the organizations IT security staff and consultants/contractors that support the
ROLES & RESPONSIBILITIES
•Conduct Penetration Testing, Ethical Hacking, Security Assessment, Social Engineering when required
•Conduct Malware Analysis, Information Gathering, Virus/ Trojan Assessment, Payloads, Exploits,
•Key loggers & Antivirus Analysis
•Implement, review and manage Cyber Security Projects Such SIEM, SOC, Cloud infrastructures, NOC, DLP, Anti-DDoS Tools, and Deception Grid.
•Developing and analyzing scripts to test for security weaknesses on Database, File and Exchange Servers
•Perform periodic quality Risk assessments to ensure relevant processes and procedures are being performed as expected and planned, and provide recommendations for noted deficiencies.
•Engage with Incident Response, Security Operations, and other Paranoids teams.
•Develop close working partnerships with functional senior leaders to ensure threat intelligence analysis and products are mapped to prioritized corporate assets and risks.
•Participate in technical discussions to facilitate the identification, mitigation and containment of cyber security incidents
•Provide quality control over team products; assist with drafting, editing, critiquing, and proofreading threat intelligence estimates, briefs, assessments, and memorandums.
•Experience in using various open sources and tools to research external threat actors and threat actor groups
•Conduct researches on threat actors and TTPs, intrusion kill chain, cyber risks, and Intelligence and analysis methodologies.
•Conduct awareness of the dark web and threat actor usage of forums and marketplaces.
Conduct Investigation on Memory, Hard Drives, Systems, Networks etc.
•Support Organizations to implement, attain compliance and ISO Certifications such as ISO 27001, ISO 22301, NIST frameworks, ISO 27032 and PCIDSS standards.
•Conduct Technical and Non-Technical training when required
•Attend to other issues such as Proposal Development, Presentations, support Recruitment exercise and involve in Business Development Etc.
. Information Management Resources Nig Ltd (IMR
ROLES & RESPONSIBILITIES
• Attend to clients ICT technical issues relating to repairs, troubleshooting, installations, deployment of Hardware and software on SERVERS
• Responsible for troubleshooting and repair of ML Servers, COMPUTERS, LAPTOPS, PRINTERS & UPS etc. Deploy and installation high end servers in and at client sites.
• Configure AD, DNS, DHCP, NETBIOS, WORKGROUP, Domain for clients
• Manage and attend to clients request/challenges on LAN/WAN and installation of network devices such as SWITCHES, ROUTERS, FIREWALL VSAT, Voip/PABX, VLAN, VPN, LAN, WAN, LWAN, MAN
• Project manage Fiber Optics, Cat 5, 6, cabling & terminations and ensuring proper installation of SIEMs, FIREWALL, IDS, IPS, HONEYPOT etc.
• Monitor daily intelligence operations feeds from SIEMS, NOC & SOC
• Attend to installation and deployment of CCTV Cameras
• Project manage and support PriceWaterHouseCooper (PWC) contract on IT
• Work Tools, Server Maintenance and operations
• Project manage and support Central Bank of Nigeria - IT Work Tools Maintenance contract
• Project manage and support ECOWAS - Network Security Devices & Wireless Connectivity deployment Project manage and support NETCO system and server maintenance
• Project manage and support WEMA Bank maintenance contract
• Project manage OAU INTECU fibre projects, Network Security deployment for Cloud computing, SOC and NOC