Specialist, IT Infrastructure Assessment & Review at IHS Towers

The Opportunity

• IHS Towers is expanding our global footprint and we are seeking an individual to join our team in Nigeria as Specialist, IT Infrastructure Assessment & Review.
• The Specialist, IT Infrastructure Assessment & Review will support and contribute towards continuous improvement of the company’s cyber-security posture by applying technical know-how and skills to address ongoing enterprise-wide infrastructure security-related issues.

Key Responsibilities

• Safeguard IHS by detecting, preventing and mitigating information security (IS) threats to the company’s infrastructure.
• Provide quarterly network vulnerability assessment of the company’s IT infrastructure by integrating the following tasks:
  • Gather intelligence
  • Document active and stealth nodes
  • Enumerate all trust relationships
  • Identify exposure using commercial tools
  • Scan network vulnerability
  • Analyze, categorize and validate vulnerabilities
  • Catalogue exposure
  • Examine external visible points of presence
  • o Query DNS records and enumerate external nodes
  • Perform TCP/UDP scan of nodes
  • Conduct manual testing and repeat identification
• Support management in realizing cybersecurity ROI
• Collaborate with Group Cyber-security team to drive cybersecurity initiatives.
• Design and implement security controls to safeguard and monitor events for information systems, enterprise network, routers and switches
• Support the implementation of IS projects.
• Assess vulnerabilities related to the company’s network by following general accepted methodology for network assessments.
• Carry out port scans to identify insecure port configurations.
• Continuously monitor the company’s external visible points of presence.
• Provide second-line support for IT security-related issues.
• Collect evidence and documentation of all network-related exposures.
• Deploy Sophos endpoint for 2000 endpoints and 200 servers and for monitoring/ response to detected malware attacks.
• Monitor the company’s Operations Management Suite (OMS) platform for endpoints and severs. Identify and responding to security threats on the platform.
• Monitor firewall logs.
• Conduct network device review covering the following
  • Router security reviews:
  • Clear Text Rlogin Protocol Service
  • Simple Network Management Protocol (SNMP)
  • Clear text (Tenet) review
  • Console Connection Timeout
  • Outbound Administrative Access Review
  • Packet Assembler/ Disassembler
• Review IDS policies based on the company’s requirements and best practices.
• Carry out threat monitoring by reviewing firewall and IPS alerts. Follow up with appropriate action.
• Investigate and block phishing email.
• Perform other tasks and duties as assigned by the Senior Manager, IT Security Operations.

Key Qualifications & Experience

• Bachelor's Degree in Computer Science, Engineering, or other related disciplines.
• +5-6 years’ relevant experience in information security and network vulnerability management.
• Professional certifications will be an asset, e.g. ISO27005: Information Security Risk, CEH, EC-Council Certified Security Analyst (ECSA)
• Strong background in security infrastructure and various network technologies, e.g. firewalls, VPN, intrusion/ extrusion detection, vulnerability and risk assessment tools, encryption technologies, data loss prevention, whole disk and device encryption solutions, two-factor authentication, common windows (desktop and server) platforms.
• Demonstrable experience with network and infrastructure vulnerability scanners such as Nessus, NEXPOSE, Nipper, etc.
• Demonstrable knowledge of security best practices such as defence in-depth, least privileges, need-to-know, separation of duties, access controls, and encryption.
• Hands on experience with security systems, e.g. firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.
• Proven experience in network security, networking technologies and network monitoring tools.
• Must possess thorough understanding of the latest security principles, techniques, and protocols.

Behavioural Competencies:

• Analytical Thinking
• Problem Solving
• Collaboration & Teamwork

Functional competencies:

• Penetration Testing
• Vulnerability Lifecycle Management
• Security Incident Response
• Systems Auditing
• Database Security
• Firewall Design
• Intrusion Detection
• System Administration Implementation
• Telecommunications, Network, Wireless & Internet Security

Organizational Competencies:

• Customer Focus - People demonstrating this competency understand & exceed our customers’ needs. They develop trusted, reliable & collaborative relationships. They are consistently operating to the highest standards of service & delivery.
• Innovation - People demonstrating this competency constantly seek new & improved ways to deliver our products & services. They champion engineering & skills development, and work to create a collaborative and supportive operating environment.
• Integrity - People demonstrating this competency are open & honest in everything they do. They support financially & environmentally sustainable growth. They make socially responsible decisions and treat their stakeholders with respect.
• Be Bold - People demonstrating this competency are thorough in analyses & decision-making. They are courageous in expanding existing markets & developing new ones. They confidently pursue appropriate financial returns and are forward-thinking and ambitious.