We have an Infrastructure Security Consultant opportunity at one of the biggest insurance companies in KSA.
- The candidate will be responsible for covering the following domains:
· Assess the SIEM deployment and its coverage of endpoints, including the configured rules and dashboards.
· Assess and define the security forensic and malware analysis tools and techniques.
· Assess and define the security operations center (SOC) processes.
· Assess and define the threat hunting techniques and tools.
- Provide an onsite infrastructure security consultant as per the scope, requirements and plan for a duration of 1 year.
- Establish threat intelligence and threat hunting practices by building the methodology and the tools needed to do the job, as well as performing threat hunting in the real environment.
- Review and define the practices for Digital Forensics and Incident Response (DFIR) and perform actual digital forensic analysis at the host and network levels.
- Review and define the tools needed for incident response, forensic analysis and malware analysis, and perform actual malware analysis.
- Review the design and configuration of infrastructure components, such as but not limited to firewalls, DNS and IPS, to ensure proper configuration is set.
- Review and define the minimum baseline security requirements for the host and network components.
- Review the SIEM architecture and propose enhancement procedures, including but not limited to the logs received from endpoints, SIEM scalability, and the rules and correlations needed to improve SOC feasibility and functionality.
- Review the current utilization of all infrastructure security controls and ensure they are used and enforced effectively, including but not limited to endpoint security, IPSs, EDRs, etc.
- Review the SOC team practices and define the right measures to improve detection and response times.
- Review and define the security infrastructure and network architecture baseline and requirements.
- Review and define the access management processes and practices with respect to admin, normal, production and non-production access.
- Review and define the vulnerability management processes and practices.
- Review and define the tools and practices needed for digital certificate lifecycle management.
- At least 8 years' experience in Information Security, specifically in the field of Infrastructure Security.
- Solid experience with infrastructure components including DNS, AD, firewalls, IPSs, etc.
- Deep technical experience with UNIX/Linux and Windows operating systems as well as virtualization.
- Solid understanding of application integration security standards and best practices for third-party integration as well as inter-application integration.
Certifications: CCNP, GCFA, GMON, GNFA, GREM, GPEN, OSCP
Certifications: CISSP, PWK