METAMORFS has an immediate requirement for the following positions in Qatar





OT Security Consultant




Location : Qatar


Notice period : Immediate


Experience : 7 years


7+ years of Cybersecurity experience in OT/IOT network security, Cybersecurity Risk Management & Infrastructure security.

Understanding of industry OT/IOT & IT security standards and principles such as: NIST cybersecurity frameworks, IEC 62443/ ISA-99 and ISO27001/27002.

Knowledge of the latest industry OT/ICS security practices and technologies as well as handling of threats and vulnerabilities.

Solid and proven knowledge of production automation products like SCADA, HMI, RTUs, DCS and PLC products and their corresponding communication protocols.

Experience in enhancing the OT security environment (as per the Purdue Model) to identify possible security risks and develop custom threat detection to mitigate these risks.

Should have assessed the OT Design architecture, Network Zoning, Segmentation, LLD/HLD & Testing plan.

Conducting ICS/OT site assessments to identify business critical systems and develop effective risk mitigation measures.

Certification is a plus, any of these: Global Industrial Cybersecurity Professional (GICSP), Certified SCADA Security Architect (CSSA), or CISSP/CISM etc.





Information Security GRC Domain




Required Professional Experience :-

Minimum 5 Years of relevant experience in Information Security GRC Domain.

Bachelor’s Degree in Engineering (BTech/B. E), MTech in IT or related field. Preferred but not mandatory ISO 27001 LA/LI, ITIL, CISA and CISM.

Exposure to & profound knowledge of global IT and security standards such as ISO27000 series/ ISO31000/ ISO 9001/ ISO22301, ITIL, NIST, COBIT & GDPR etc.

Should have at least 3 years of experience implementing or auditing global standards ISO27001/ ISO 9001/ ITSM/ NIAP or other GRC practices.

Experience in performing information security risk assessment with the development of Risk Register & Risk Treatment Plan.

Worked on diagnostic review & documentation of IT/Information Security Policies & Procedures to comply with local governmental regulation.

Ability to independently interact with stakeholders including Project Managers, Team Leads and Top management.

English fluency is required, both oral & written





Penetration Tester




Desired Profile :


· Total relevant experience ranging from 5 to 12 years


· Experience in doing security assessments such as manual pentesting and DAST on web applications, APIs, Android and iOS mobile applications


· In-depth knowledge of security vulnerabilities not just limited to OWASP Top 10 or SANS 25


· Ability to lead the pentest project from test case creation, penetration testing, source code reviews, report creation & presentation to stakeholders to assist in remediation and construction of tools


· Well versed in OWASP Code Review concepts & identifiers


· Familiar with popular tools:


o Application Proxy: Burp Suite, Paros, OWASP ZAP, Wireshark etc.


o Vulnerability Scanners: IBM AppScan, HP WebInspect, Nessus, NTO Spider etc.


o Exploit Toolkits: Metasploit, Exploit DB etc.


· Understanding of the nature and sources of security vulnerabilities, how to identify and exploit them


· Sound Knowledge of TCP/IP protocol Stack, HTTP protocol, encoding standards, encryption technologies and development frameworks


· Application Security Testing/Penetration Testing (Web-based, Thick client, web services, Mobile, API)



· Network Security Testing/Penetration Testing (Network, OS, Databases etc)


· Static Code Analysis/ Secure Code Review of applications and incorporating secure SDLC into application development


· Very good communication skills and ability to demonstrate the vulnerability exploitation, risk and impact to the stakeholders and assist in remediation


· Understanding web frameworks, their vulnerabilities and keeping up to date with the latest web technologies


· Experience in pentest reporting - documentation of every phase, making recommendations to mitigate risks for security and hardening


· Lead and assist in Red team activities, simulation tests and other projects as per management needs


· Attack surface and Architecture analysis


Preferred Skills & Certifications


• Secure SDLC, DevOps security testing


• Certifications such as CEH, OSCP




How To Apply


To Learn More And To Apply Visit The Following Link

