IT Security Specialist

Experience

Not Mentioned

Job Location

Dubai - UAE

Salary

Not Disclosed

Nationality

Emirati

Gender

Male

Vacancy

1 Vacancy

Job Description

Roles and responsibilities

We are looking for exceptional systems & software engineers who love to solve complex security problems fundamentally from first principles. This is not your typical IR or analyst role: we spend a large percentage of our time on project work, balancing this with our operational duties such as detection engineering and incident response. If you're ready to make a tangible impact and drive innovative security projects, apply now to join our global team and help shape the future of security at Almosafer.

Responsibilities:

  • Build, deploy and maintain large scale security systems across our ecosystem.
  • Research, innovate and improve our security capabilities through new and enhanced tooling.
  • Develop smart automation strategies to reduce the need for manual alert triage.
  • Conduct detection engineering to increase coverage, identifying malicious activities across Almosafer’s endpoints, infrastructure, networks, and cloud environments.
  • Investigate alerts and potential incidents end-to-end, including digital forensics, malware analysis and threat intelligence as needed.
  • Lead incident response efforts and respond to intrusion attempts and suspicious activities, collaborating with multiple Almosafer teams.
  • Participate in red team exercises and threat simulations in order to identify gaps, improve competencies and expand the team’s knowledge.

Profile Requirements:

  • Strong programming skills in Python and/or Go.
  • Practical experience with BeyondCorp or Zero Trust security models.
  • Proven expertise in one or more detection and response related areas such as:
      - digital forensics (forensic artefacts, disk and cloud acquisition and analysis, forensic tooling e.g. GRR, Timesketch)
      - malware analysis (static and dynamic analysis, using tools like IDA Pro and Ghidra)
      - incident management and response (coordinating large scale or impactful security events with multiple stakeholders)
      - host/network intrusion detection (able to parse and understand large and often unfamiliar logs and systems)
      - network telemetry (understanding network flows, PCAPs and technologies like Zeek)
      - threat intelligence (have an understanding of how to model a threat actor and their TTPs)
      - threat hunting (know how to find suspicious activity or IOCs across data lakes)
  • Understanding of operating system internals, with a core competency in two or more of macOS, Windows and Linux, including file and disk structures, forensic process, security controls, hardening, scripting and binary investigations
  • Advanced knowledge of cloud infrastructure, including being able to build and deploy systems and investigate security events across two or more environments such as Amazon Web Services, Kubernetes, Google Cloud Platform
  • Bachelor of Science in Computer Science, Engineering, Information Systems, or equivalent years of experience in a related technical field
  • 3+ years of experience in the field of incident response, detection engineering or related security disciplines

Desired candidate profile

1. Cybersecurity Expertise

  • Security Frameworks and Standards: Familiarity with common security frameworks and standards, such as NIST, ISO 27001, CIS Controls, and GDPR compliance.
  • Threat Intelligence: Experience in identifying and mitigating evolving cyber threats, including malware, ransomware, phishing attacks, and DDoS (Distributed Denial of Service) attacks.
  • Incident Response: Ability to lead and manage cybersecurity incidents, including investigation, containment, mitigation, and recovery processes.
  • Vulnerability Management: Skilled in identifying, assessing, and mitigating vulnerabilities in systems, networks, and applications.

2. Network Security

  • Firewall Management: Configuring, managing, and optimizing firewalls and other perimeter security devices to control traffic and prevent unauthorized access.
  • Intrusion Detection and Prevention: Experience with intrusion detection/prevention systems (IDS/IPS) to monitor and respond to security events.
  • VPN and Secure Remote Access: Expertise in designing and managing Virtual Private Networks (VPNs) and secure remote access solutions to ensure safe connections for remote workers.

3. Identity and Access Management (IAM)

  • Authentication and Authorization: Implementing and managing secure authentication methods, including multi-factor authentication (MFA), Single Sign-On (SSO), and Role-Based Access Control (RBAC).
  • Access Control: Managing user access to critical systems and data based on business needs and ensuring compliance with the principle of least privilege.

4. Data Protection and Encryption

  • Data Encryption: Understanding and implementing data encryption techniques for data in transit and at rest to protect sensitive information.
  • Backup and Disaster Recovery: Ensuring robust data backup and disaster recovery solutions are in place to protect against data loss and ensure business continuity.

5. Compliance and Risk Management

  • Regulatory Compliance: Ensuring the organization’s IT security measures comply with industry regulations such as HIPAA, PCI-DSS, GDPR, and others.
  • Risk Assessment: Conducting security risk assessments, identifying vulnerabilities, and implementing mitigations to reduce risk exposure.
  • Audit and Reporting: Preparing regular security reports and audits to ensure compliance with security policies and standards.

6. Security Operations and Monitoring

  • Security Monitoring: Setting up and managing security monitoring tools (e.g., SIEM systems) to detect anomalies, suspicious activity, and potential breaches.
  • Security Event Analysis: Analyzing security events and logs to detect patterns, investigate incidents, and determine the root cause of security issues.
  • Penetration Testing: Conducting or overseeing regular penetration tests to identify weaknesses in the organization’s infrastructure.

7. Cloud Security

  • Cloud Platforms: Expertise in securing cloud environments (e.g., AWS, Azure, Google Cloud) and ensuring that cloud services comply with security standards.
  • Cloud Access Security Brokers (CASBs): Implementing and managing CASBs to ensure secure cloud usage and prevent data breaches in cloud environments.

8. Security Tool Management

  • Security Tools: Proficiency in security technologies, such as firewalls, anti-virus software, encryption tools, SIEM (Security Information and Event Management), and vulnerability scanners.
  • Automation: Leveraging automation tools for vulnerability management, patching, and incident response to reduce manual effort and improve efficiency.

Employment Type

Full-time

Company Industry

Accounting

Department / Functional Area

Information Technology (IT)
