Senior Systems Analyst

Job Purpose/Objective

Specify, evaluate, deploy, configure, support, maintain, and analyse multiple cyber security systems. Oversee the Protection, Detection, Response, and Recovery phases of the NIST Cyber Security Framework. Implement security policy issued from the Cyber and Information Security Department. Perform vulnerability assessments utilizing IT security tools and methodologies. Continuously review and analyse the company's security systems, solutions, and programs while recommending specific measures that can improve the company's overall system/data confidentiality, integrity, and availability. Maintain oversight of Managed Systems Service Providers (MSSP) regarding the monitoring, alerting, and maintenance of their systems and applications. Assists in the development of procedures to brin company into alignment with ISO 27001.

KEY ACCOUNTABILITIES

General Duties

• Proven work experience as a system security analyst or information security analyst Experience in Microsoft Windows, VMWare infrastructure
• Hands-on experience in analysing vulnerabilities and their impact on applicable systems.
• Hands-on experience in security patch deployment on Microsoft Windows and non-Windows platforms
• Hands-on experience in using tools like Microsoft SCCM and Manage Engine Desktop Central for patch management and deployment.
• Experience in building and maintaining security systems
• Detailed technical knowledge of database and operating system security
• Hands on experience in security systems, including firewalls, intrusion prevention systems, anti-virus software, honeypots, authentication systems, security log management, content filtering, etc
• Thorough understanding of the latest security principles, techniques, and protocols
• Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocols
• Problem solving skills and ability to work under pressure
• Specify, evaluate, deploy, configure, support, maintain, and analyse the following security related systems:
• Security Information and Event Management (SIEM) system
• Enterprise Virus Scan
• Endpoint protection
• Intrusion Prevention System
• Vulnerability Scanner
• Advanced Threat Protection (ATP) System
• Honeypots
• Privileged Account Management (PAM)
• Data Loss Prevention (OLP) System
• Endpoint Detection and Response (EDR) System
• Firewalls
• Interface with the MSSP, National Security Operations Center (SOC) and related organizations.
• Assist in the implementation of the Information Security Management System based on the ISO 27000 series standards, including future preparation for certification against ISO 27001.
• Work independently under the general direction of the Head, IT Operations to ensure timely and accurate deployment, operations, and maintenance of cyber security systems.
• Support the Information Security program including development, collection, assessment, and reporting of metrics.
• Recommend security procedure changes and enhancements as needed to reduce cyber security risks.
• Assist in ISO 27001 external audits and certification..

Quality, Health, Security, Safety and Environment

• Ensure compliance with Life Critical Procedures, Tenets of Operations, Consent to Operate, plant policies and procedures, Daily Operating Instructions, Standard Operating Procedures (SOPs), Job Safety Analyses (JSAs), MOC Process, and Quality Management System.
• Participate in the safety activities to ensure regulatory, health, safety, security, environmental, and quality compliance.
• Execute Stop Work Authority and take immediate corrective actions to stop unsafe behaviours.

Policies, Systems, Processes and Procedures

• Maintain a working knowledge of applicable cyber security standards.
• Provide input to the planning, design, development and implementation of technical controls and procedures associated with compliance to regulatory requirements, cyber security guidance, and standards.
• Contribute to the identification of opportunities for the continuous improvement of systems, processes and practices in order to increase confidentiality, integrity, and availability.
• Implement all relevant Section’s processes, procedures and instructions so that work is carried out in a controlled and consistent manner.

Reporting

• Communicate ideas, present, and explain technical knowledge to stakeholders.
• Prepare timely and accurate recaps and reports in order to meet departmental requirements, policies and standards.
• Communicate to Supervisor to inform on issues that require additional follow up.
• Report incidents and near misses and participate in investigations as required.

Qatarization

• Contribute to the development of Qatari employees. This accountability is applicable to expatriate employees only.

QUALIFICATIONS & EXPERIENCE

Education

Required : Bachelor’s Degree in Computer Science/ Computer Engineering/ Information Technology.

Certifications/Accreditations

Two or more of the following certifications (or equivalent certification) is required:

• Microsoft Certified Systems Engineer (MCSE)
• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• Certified Ethical Hacker
• Global Information Assurance Certification
• Certified Ethical Hacker (CEH)

Preferred : Master’s Degree in Information/Cyber Security.

Experience

Required : 7-10 years of in-depth, hands-on experience with at least 10 of the following:

• Microsoft Windows Operating System
• Security Patch Management and Patch deployment
• Expert working knowledge in Microsoft SCCM.
• NIST Cyber Security Framework (CSF)
• Performing vulnerability, risk, and compliance assessments Penetration testing
• Ethical hacking
• Social engineering
• TCP/IP, computer networking, firewalls, routers, and switches
• Working knowledge on Network Admission Control Systems
• Working knowledge on Intrusion Prevention Systems
• Anti-Virus
• Anti-Malware
• Security Information and Event Management (SIEM) DLP
• Cloud computing Application security Incident response
• Computer forensics
• Reverse engineering
• Security architecture Security engineering

Other Job Specific Requirements and/or Vocational Accreditations

• Web-application security
• SSL Encryption and SSO
• Development experience in C++, .Net, Java, Visual Studio SharePoint
• LDAP directory experience
• Excellent report writing and communication
• Ability to work well independently or with a team
• Capable of meeting deadlines