Cyber Security Specialist at GVA Partners

Summary of Functions

• Drive the Automation of the Security Baseline configuration using Enterprise tools Puppet, Ansible
• Manage the Database security program including onboarding, discovery, use cases, upgrades & regular assessments. Tool is Imperva
• Based on the nature of the security threats perceived, assesses and establishes mitigating steps to ensure appropriate treatment and escalate as appropriate.
• Coordination of security systems disciplines in the face of active threats.
• Provides expert technical insight and industry perspective in the creation, delivery, and integration of complex and comprehensive security solutions and architecture.
• Collaborates and acts as a security architecture liaison with other IT areas and designs and/or recommends new security solutions as needs arise.
• Liaise with other relevant functions to facilitate the timeous closure of incidents and vulnerabilities Ensure Security controls are regularly evaluated as part of the Security Assessment program with proposed remedial actions to address noted baseline variances
• Support the implementation of risk assessment exercises across the Information Technology function in order to trap and highlight information security weaknesses and advice on controls to mitigate those risks. Implement standards for testing methodologies, techniques and procedures and conduct robust quality standard programme.
• Lead IT Controls Assessments and compliance exercises.
• Support controls design for Operating systems, Applications & Database Security, implementation, assessments & reporting
• Monitor compliance to Information security policies, procedures and standards via a robust information security program/plan depicting continuous planned and ad-hoc audit and review exercises.
• Liaise with other relevant functions/stakeholder to implement information security as defined by Nigeria.
• Manage escalating issues (within the information security domain) along with relevant stakeholders.
• Maintain key metrics that are indicative of the security posture of the infrastructure.
• Produce Executive Dashboard Security reporting showing actionable insights from IT Security monitoring tools

Education, Experience, and Skills required

• Minimum of First Degree in Computer Science, Engineering, Information Technology/Systems or any related discipline preferred
• Minimum of 5 years of experience in Cyber security or roles with a focus on Application, Operating systems & Database security.
• Experience with Windows/Unix/Linux Operating systems with a focus on cybersecurity
• Relevant industry certifications (i.e. CISSP, CISA, CRISC, CISM, COMPTIA+, Imperva Database administrator, Puppet practitioner, CASP+ CEH, GCIH, GCIA, OSCP)
• Experience with SIEM (ArcSight), EDR (Falcon Crowdstrike, Packet Analysis, HIPS/NIPS,
• Network Monitoring tools, Service Now Ticketing, Database Security.
• Technical experience around Identity Access Management, Controls configuration management & automation using Puppet/Ansible/Chef, Vulnerability assessments and treatment, Technical systems baseline governance & Implementation.
• Proven experience with best practices, frameworks & standards implementation across technology stacks, Auditing across varying technology, integrating log sources to a SIEM and offense/alerts tuning.
• Proven experience in penetration testing & Use of offensive Security Red team tools.
• Proven experience in business continuity & use of defensive Blue team tools.
• Proven experience in identifying, developing, implementing and evaluating risk response options & providing management with information to enable risk response decisions.
• Experience in identifying requirements, developing architectures, and deploying enterprise Security architecture, ensuring that the implementation adheres to standards and best practices. Mastered the principles of how business strategy drives Security.
• Excellent negotiation and facilitation skills is critical to this role: (Able to convey and sell ideas and strategies to stake holders).
• Knowledge of SQL is desirable – minimum Intermediate.
• Experience with database security administration tools, security assessments and secure database configuration
• Knowledge & Implementation of best practices & Hardening frameworks, DISA, CIS, NIST, ISO, PCIDSS etc.