Roles and responsibilities
We are looking for exceptional systems and software engineers who love to solve complex security problems from first principles. This is not a typical IR or analyst role: we spend a large share of our time on project work, balanced against operational duties such as detection engineering and incident response. If you're ready to make a tangible impact and drive innovative security projects, apply now to join our global team and help shape the future of security at Almosafer.
Responsibilities:
- Build, deploy and maintain large scale security systems across our ecosystem.
- Research, innovate and improve our security capabilities through new and enhanced tooling.
- Develop smart automation strategies to reduce the need for manual alert triage.
- Conduct detection engineering to increase coverage, identifying malicious activities across Almosafer’s endpoints, infrastructure, networks, and cloud environments.
- Investigate alerts and potential incidents end-to-end, including digital forensics, malware analysis and threat intelligence as needed.
- Lead incident response efforts and respond to intrusion attempts and suspicious activities, collaborating with multiple Almosafer teams.
- Participate in red team exercises and threat simulations in order to identify gaps, improve competencies and expand the team’s knowledge.
Profile Requirements:
- Strong programming skills in Python and/or Go.
- Practical experience with BeyondCorp or Zero Trust security models.
- Proven expertise in one or more detection and response related areas, such as:
  - digital forensics (forensic artefacts; disk and cloud acquisition and analysis; forensic tooling, e.g. GRR, Timesketch)
  - malware analysis (static and dynamic analysis, using tools like IDA Pro and Ghidra)
  - incident management and response (coordinating large-scale or impactful security events with multiple stakeholders)
  - host/network intrusion detection (able to parse and understand large and often unfamiliar logs and systems)
  - network telemetry (understanding network flows, PCAPs and technologies like Zeek)
  - threat intelligence (understanding how to model a threat actor and their TTPs)
  - threat hunting (knowing how to find suspicious activity or IOCs across data lakes)
- Understanding of operating system internals (file and disk structures, forensic process, security controls, hardening, scripting and binary investigation), with core competency in two or more of: macOS, Windows, Linux
- Advanced knowledge of cloud infrastructure: able to build and deploy systems and investigate security events across two or more of: Amazon Web Services, Kubernetes, Google Cloud Platform
- Bachelor of Science in Computer Science, Engineering, Information Systems, or equivalent years of experience in a related technical field
- 3+ years of experience in the field of incident response, detection engineering or related security disciplines
Desired candidate profile
- Develop and Implement Security Policies: Establish and enforce security policies and procedures to ensure the confidentiality, integrity, and availability of company data and systems.
- Security Monitoring and Incident Response: Lead the monitoring of security threats and provide expertise in responding to security incidents, including conducting post-incident reviews and improving security posture.
- Vulnerability Management: Regularly assess systems for vulnerabilities and manage the patching process to mitigate potential security risks.
- Network and System Protection: Oversee the protection of network infrastructure, systems, and applications through firewalls, intrusion prevention systems, and secure configurations.
- Compliance and Audit Management: Ensure the organization complies with relevant regulations and standards, such as GDPR, HIPAA, or PCI-DSS, and prepare for internal and external audits.
- Risk Assessment and Mitigation: Conduct regular security risk assessments, develop risk mitigation strategies, and ensure that the organization’s assets are protected from potential threats.
- Cloud Security Management: Implement and manage security measures for cloud environments, including access control, encryption, and threat detection.
- Security Tool Optimization: Manage and optimize security tools, such as SIEM, vulnerability scanners, and endpoint protection systems, to enhance the organization's security posture.
- Stakeholder Reporting: Provide regular reports on security status, incidents, vulnerabilities, and improvements to senior leadership and other stakeholders.
- Security Awareness Training: Conduct or oversee cybersecurity training and awareness programs to reduce the risk of human error and educate employees on security best practices.
Qualifications and Experience:
- Education: A bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field is generally required. A master's degree in cybersecurity or business administration is a plus.