• Careers

    Careers

  • 1

 

We do not currently have any positions open. To submit your resume for future consideration please send it via email to This email address is being protected from spambots. You need JavaScript enabled to view it.


Senior Analyst

This job posting is now closed.

Position Description

Working with one of the most prominent telecom operators in Kurdistan, this job provides flexibility by offering the candidate a 70/30 split between onsite and offsite work.

Working as part of a dynamic leading edge team, the position offers a chance to stand out as an expert in the field of SIEM, interacting with multiple nationalities or order to truly make a difference.

Job Description

The Sr. Security Analyst is a member of the security team reporting to the head of security. The successful candidate will help design, implement, and operate an end-to-end solution, including data collection, correlation, analysis, and reporting, with the goal of generating actionable security intelligence across the entire organization.

Responsibilities include but are not limited to:

  • Collaborate on the architecture and implementation of an enterprise-scale deployment of ArSight (SIEM).
  • Contextualize and provide reporting based on a wide variety of data feeds including but not limited to network, application, security, and infrastructure sources.
  • Leveraging extensive experience in vulnerability exploitation and defense, maintain a current knowledge of attack vectors and methodologies and apply this knowledge to identify security risks, threats and vulnerabilities. Develop scripts and queries to identify these issues both preemptively and reactively.
  • Serve as a key contributor for response actions to a wide range of security incidents and exposures.
  • Create reports and dashboards to convey critical information to key consumers and stakeholders.
    • Represent the Security Team in collaborative efforts across multiple Technology and Business Teams to ensure risk awareness, security best-practices, and to assist these teams in deploying and maintaining systems at an appropriate level of risk.
    • Provides leadership and work guidance to less experienced personnel
    • Handling of unexpected challenges in a professional and courteous manner
    • Contribute to and coordinate audit management efforts with regulators, internal and external auditors
    • Contribute to the development of standards, procedures, and guidelines for analytics and monitoring issues.
    • Supervise projects through the project lifecycles of initiation, planning, execution and closure

Skills Required:

  • Advanced understanding of security technology, including but not limited to, Cisco Lancope, Cisco Sourcefire, Arbor and F5 ASM product ranges, including experience administering these systems, assessing new technologies and integrating those datasets into Arcsight.
  • Experience working in Security Operations Centers as an analyst, performing triage and investigation
  • Extensive understanding of network, host, data and application security
  • Demonstrable knowledge of attack vectors, threat tactics, attacker techniques.
  • Experience with network security tools (e.g. Nessus, Wireshark, Snort).
  • Experience reviewing raw log files, and data correlation (i.e. firewall, Netflow, IDS, syslogs).
  • Bachelor's degree or equivalent combination of education and experience. Bachelor's degree in computer science or related field preferred

Skills Preferred

  • Knowledge of data modelling and search optimization
  • Experience with programming/scripting languages (e.g.Python)
  • Experience with improving signature quality and detection through results analysis and team collaboration.
  • Experience working with federal regulations related to information security (HIPAA, PCI, GxP, etc.) and standards such as NIST, ISO27k, etc.
  • Experience working with telecom environments.
  • Good communication and interpersonal skills.
  • Strong analytical and problem solving skills
  • A knowledge of Arabic language.

Senior Penetration Tester

This job posting is now closed.

Position Description

Working with one of the most prominent telecom operators in the Middle East, you will work with a multi national team dedicated to ensuring the security of its clients and the country.

Job Description

Conduct security architecture review of the full stack including applications built on cloud and emerging technologies. Conduct manual application security testing and source code auditing for a variety of technologies. Provide clear and detailed risk assessment and remediation guidelines for developers and business owners. Conduct penetration testing targeting critical data, services, and environments. Report underlying security issues and propose enhanced security protections.

Other responsibilities include:

  •  Security research on the latest best practices, trends, threats and vulnerabilities, and technology frameworks
  •  Documenting and disseminating security guidelines for common security issues, remediation guidance, and security technology baselines
  •  Develop tools and exploits to support application security review and/or penetration testing

Skills required

  • Three or more (3+) years of experience in information security with web application and network penetration testing experience
  • Hands-on experience with two or more scripting languages such as Python, Powershell, Shell, or Ruby
  • Deep experience engaging clientele in consulting-related environments
  • Experience leading or participating in Red Team engagements
  • Reverse engineering malware, data obfuscators or ciphers
  • An aptitude for technical writing, including assessment reports, presentations and operating procedures
  • Strong understanding of security principles, policies and industry best practices
  • Ability to travel up to 20%

Bonus points:

  • An advanced degree in an IT-related field
  • Knowledge of telecom environment, including core telecom services OSS/BSS.
  • Familiarity with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications
  • Experience with API testing and Mobile Application testing
  • Working knowledge of defensive security techniques and technologies
  • Experience in exploit development
  • CISSP, OSCP/E, GWAPT, GPEN, or GXPN certification(s)
  • Familiarity with debuggers and disassemblers

Senior SIEM Engineer (ArcSight)

This job posting is now closed.

Position Description

Working with one of the most prominent telecom operators in Kurdistan, this job provides flexibility by offering the candidate a 70/30 split between onsite and offsite work.

Working as part of a dynamic leading edge team, the position offers a chance to stand out as an expert in the field of SIEM, interacting with multiple nationalities or order to truly make a difference.

Job Description

The Senior SIEM Engineer, will work with a multi national team of experts in the SOC. The employee will be responsible for the creation of procedures, implementation of processes and development of staff for managing and maintaining security systems across internal and client environments. Experience and deep knowledge of SIEM (ArcSight) are essential. The Senior SIEM Engineer will work closely with Management, Senior Engineers, Solution Architects, Senior Security Engineers, other Principal Security Engineers and clients to complete high profile, critical services for the operator. Serve as a subject matter expert and team lead for Managed Security Services, staying in tune with all client configuration issues and all internal projects.

  • Guide the design, development, and implementation of complex security SIEM content.
  • Analyses and identifies areas of improvement with existing processes, procedures and documentation.
  • Help to create use cases for the SIEM relating to telecom environments.
  • Have a deep knowledge for writing flex connectors, not only for traditional services, but also for telecom environments.
  • Develop individual team, defining strategies and responsibilities to be successful and grow.
  • Act as the point of escalation for other Engineers (Associate Engineer, Security Engineer, & Senior Engineer) and provide guidance and mentoring.
  • This will require documentation of Account Governance processes and responsibility for report generation and notification to senior leadership about potential client Service Level Agreement (SLA) issues.
  • Explain and demonstrate how to use SIEM and Enterprise Security products to both technical and relatively non-technical personnel.
  • Provide remote consulting services via interactive client sessions to assist with implementation of multiple product vendors and technologies.
  • Implement and configure SIEM software and appliance-based products in large enterprise and Government environments.

Qualifications

  • 3+ years professional experience managing and maintaining SIEM systems.
  • 2-3 years professional experience working with networks and network architecture.
  • 1+ year professional experience writing SIEM content.
  • College degree or equivalent training with experience working in a Security Operations Center, Managed Security, or client network environment.
  • Advanced information security knowledge in one or more areas such as Enterprise end-point security products
  • Understanding of network architecture and implementation is a must; ideal candidate will have worked with network security analysis.
  • Experience with content SIEM content creation and reporting.
  • Excellent time management, reporting, and communication skills.
  • Superior IT problem-solving skills.
  • Experience with Linux OS.

MUST HAVE:

  • Shift flexibility, including the ability to provide on call support when needed
  • Keen interest in telecom environments and security.
  • Tolerance of other cultures and ideas.

Desired Qualifications:

  • General security knowledge (GIAC, CISSP, CCSE, CISA, HBSS, NSA, CEH, Cisco Security, Security +, or other security certifications).
  • Knowledge of Linux and Windows Operating Systems.
  • An understanding of a wide array of server grade applications such as DBMS, Exchange, DNS, SMTP, IIS, Apache, SharePoint, Active Directory, Identity Management, Patch Management, LDAP, SQL, and others.
  • CCNA, CCDA, CCSA, CCIE, CISSP, CEH, or MCSE.
  • Familiarity with DevOps
  • Arabic language skills.