More stories

  • in

    Sales Telecaller – Executive | A Leading Company In UAE

    Employment:

    Full Time

    Our company is urgently looking to recruit experienced Credit Cards & Personal Loans Direct Sales / Telesales Executives at our Dubai Office.

    The ideal candidate will be responsible for building and maintaining a strong sales pipeline. You will do so by identifying key business opportunities and segmented prospects. Your goal will be to meet or exceed our monthly targets and increase our revenue. Salary + Incentive. Visa provide by company.

    A leading company in UAE. More

  • in

    Cyber Ops – Network Security Consultant | Almawarid Group

    Employment:

    Full Time

    Manage the overall endpoint security by detecting, analyzing, monitoring, handling, preventing and reducing the effect of the threats and vulnerabilities to the company networks in line with the current endpoint security technologies. Oversee the overall network security at the company. Identify threats to the company networks or security attack vectors and implement the required network protection measures. Roles: • Evaluate the network security protocols, topologies and device configurations. • Analyze log files related to network traffic, firewalls, IDS, IPS, NAC and DNS. • Identify any suspicious activity and its effect on the data and systems. • Implement and test the firewalls, NAC, IDS and IPS systems• Conduct periodic network security audits. • Implementing the network security policies and procedures. • Conduct risk assessments, employee trainings and network monitoring.• Participate in incident response and business continuity management. • Manage VPN profiles and access. • Perform in-depth analysis of the endpoint security and solutions. • Create and install the required endpoint protections such as anti-virus, firewalls etc. based on the gaps identified in the analysis. • Ensure that end point security solutions are implemented across the systems in the company and identifies inconsistencies. • Identify new attack vectors and requirements for detecting an attack.• Plan, develop and implement feature testing. • Maintain up-to-date signatures on the endpoint security agents.• Develop new signatures and rules at the endpoint security agents to detect cyber threats (i.e. YARA rules, queries) • Develop a blacklist/whitelist of the software list for the company endpoints based on known file hashes and functions. • Maintain compliance with the company policies and other regulatory requirements. • Define the endpoint detection strategy and solutions in coordination with the senior management. • Create and conduct trainings on endpoint security practices for the Company employees.• Identify the list of network devices managed the Cybersecurity Operations function and maintain an updated asset inventory defining the criticality and ownership• Maintain a baseline configuration for the network security assets such as internal/external firewalls, IPS/IDS, NAC systems, anti-DDOS and VPN and test firewall and IDS/IPS logs against forensics requirements. • Define roles and responsibilities for team monitoring Network Admission Control logs.• Develop metrics and KPIs to measure effectiveness of NAC deployment and other network perimeter controls. • Document a process for network devices to align with approved security configurations. • Schedule periodic configuration reviews to ensure network device configurations follow best practices. • Deploy Domain Name System Security Extensions (DNSSEC) across the enterprise. • Deploy and implement a file integrity monitoring tool to be used on a weekly basis. • Implement WIDS and integrate with SIEM to identify rogue wireless devices and detect attacks.• Develop a formal process to centrally manage network firewall operations.• Establish guidelines for encrypting email communications and digitally signing emails and integrate with DLP solution once deployed. • Extend content filtering capabilities to include email and file transfer. • Include DDoS prevention considerations in the enterprise security architecture and secure design processes.

    Knowledge: • Network components, their operation and appropriate network security controls and methods. • Cybersecurity related threats and vulnerabilities. • Cybersecurity authentication, authorization and access control methods.• Vulnerabilities in applications and their likely impact. • Cybersecurity defense and vulnerability assessment tools and their capabilities. • Host and network access control mechanisms. • Sources of information relating to the identification and effective treatment of vulnerabilities. • Best practices for incident response and incident management. • Cybersecurity and privacy principles and organizational requirements. • Programming language structures and logic. • Virtual Private Network (VPN) security.• National cybersecurity regulations and requirements relevant to company. • Cybersecurity policies, procedures and regulations. • Windows and Unix ports and services. • System administration concepts for operating systems used by Company. • Networking and internet communications fundamentals. • Cybersecurity authentication, authorization and access control methods. • Vulnerabilities in applications and their likely impact. • Host and network access control mechanisms. • Best practices for incident response and incident management. • Cybersecurity and privacy principles and organizational requirements. • Programming language structures and logic. • Virtual Private Network (VPN) security. • Cybersecurity policies, procedures and regulations. • Windows and Unix ports and services. • System administration concepts for operating systems used by company. • Networking and internet communications fundamentals.• Analyze infrastructure build sheets, configuration management databases, vulnerability scans, access control lists and vendor documentation to understand software behaviors and interactions.• Use network analysis tools to identify vulnerabilities. • Network tools. • IT security principles and methods. Qualifications: • Bachelor’s degree in computer science, information systems, or related field. • 7-15+ years in an active technical cybersecurity role. • A minimum of 3+ years of related experience in Endpoint Security. • Experience with EDR and/or incident response toolkits preferred. • CISSP, GIAC Penetration Tester, GIAC Security Essentials or equal certifications. • A minimum of 7 years’ experience as a network security specialist • CEH, CCNP Security, CCSP, CCNA, GSEC, GCI, CISSP or equal certifications.• Certified CompTIA, Microsoft, or Cisco network professional preferred. • Technical troubleshooting skills.

    We are a national group formed on the foundations of social responsibility and building the acquired value with hard work and quality of outputs that contribute to creating a fertile production environment for our esteemed customers so that they can present their work in accordance with standards of balanced performance that ensures continuity and reduces the expected risk. More

  • in

    Operational Technology Consultant (OT Infrastructure): | Almawarid Group

    Employment:

    Full Time

    Configure, test and monitor the ICS infrastructure for company. Support with the development and configuration of use cases. Provide subject matter advice on ICS cybersecurity. Roles: • Understand various industrial control systems and their purpose, application, function, and dependencies on network IP and industrial communications. • Work with control network infrastructure design (network architecture concepts, including topology, protocols, and components) and their relation to IEC 62443 and the Purdue Model. • Run Windows and Linux command line tools to analyze the system looking for high-risk items and basic scripting to automate the running of programs to perform continuous monitoring of various tools. • Operating Systems administration (system administration concepts for Unix/Linux and/or Windows operating systems). • Aware of ICS systems’ security lifecycle. • Better understand information assurance principles and tenets (confidentiality, integrity, availability, authentication, non-repudiation). • Support on incident response and handling. • Map different ICS technologies, attacks, and defenses to various cybersecurity standards.• Ensure that the logging and monitoring requirements of OT systems are determined, documented in policies and distributed to stakeholders. • Establish a process for performing real time log- correlation and integration with threat intelligence processes. • Ensure that encryption controls are applied for ICS laptops, removable media, USB drivers.• Monitor the use of approved removable media and ensure that unauthorized removal of media is detected and media related incidents are recorded, analysed and tracked. • Ensure that network defense controls are implemented on external network gateways and access points. • Ensure that web proxy are implemented to limit connections and access to websites. • Manage the network firewall operations through a centralized firewall rule/ request and approval process. • Establish a DMZ and install the firewalls between the DMZ and internal networks.• Ensure that network security scans are conducted in order to detect rogue devices. • Integrate the NAC solution with enterprise tools/ capabilities such as SIEM, DLP, network forensics and malware protection. • Review and update the NAC rules periodically. • Integrate the wireless network access points with IDS/IPS and NAC. • Configure wireless access on ICS machines to allow access to only authorized wireless networks.

    Knowledge: • Network components, their operation and appropriate network security controls and methods. • Knowledge and understanding of risk assessment, mitigation and management methods. • Appropriate data backup and recovery methods and solutions, including testing.• Best practices for incident response and incident management. • Best practice network traffic analysis methods. • Network traffic protocols, methods and management. • Industry standard systems diagnostic tools and fault identification techniques. • The components of a network attack and their relationship to threats and vulnerabilities• Network security architecture concepts including topology, protocols, components, and principles. • Windows and Unix ports and services. • Intrusion detection and prevention system tools and applications. • Network protocols and directory services. • Software related IT security principles and methods. • Basic system, network and OS hardening techniques. • Test procedures, principles and methodologies relevant to developing and integrating cybersecurity capability. • Transmission technologies and jamming techniques that enable and prevent transmission of undesirable information or prevent installed systems from operating correctly and the laws relating to their usage. • Network traffic analysis tools, methodologies and processes. • Web filtering technologies. • Network technologies in IT and ICS/OT environments. • Supervisory control and data acquisition system components. • ICS operating environments and functions. • ICS network architectures and communication protocols. • ICS devices and industrial programming languages. • ICS threat landscape. • threats and vulnerabilities in ICS systems and environments.• intrusion detection methodologies and techniques for detecting ICS intrusions. Qualifications: • Bachelor’s degree in computer science, information technology, or any other engineering field. • 7-15+ years of experience with industrial control systems. • ICS410: ICS/SCADA Security Essentials. • ICS456: Essentials for NERC Critical Infrastructure Protection. • ICS515: ICS Active Defense and Incident Response.• ICS612: ICS Cybersecurity In-Depth. • GICSP, GCIP, GRID

    We are a national group formed on the foundations of social responsibility and building the acquired value with hard work and quality of outputs that contribute to creating a fertile production environment for our esteemed customers so that they can present their work in accordance with standards of balanced performance that ensures continuity and reduces the expected risk. More

  • in

    Data Security protection, classification, and encryption Consultant: | Almawarid Group

    Employment:

    Full Time

    Identify and implement data protection controls and technologies to ensure the protection of the Company information. The consultant is responsible for ensuring the protection of confidential information to authorized personnel by implementing cryptographic controls. He/she evaluates the current cryptographic algorithms and encryption systems and develops new algorithms if required.Role: • Assess the effectiveness of the current data protection controls• Identify and implement mitigation controls / plans for the identified gaps• Assess the practices regarding data collection and data sharing . • Identify, design and implement data protection technologies such as DLP and DRM. • Implement data classification tools and data discovery tools. • Analyze and evaluate the data privacy incidents and report to the concerned team for response and remediation• Ensure the Company compliance with the data protection laws and regulations. Provide recommendations to improve the data protection compliance. • Create security systems / mechanisms that protect against any potential information disclosure or attacks. • Implement security controls to ensure the protection of data from any modification or deletion due to unauthorized access. • Implement new cryptographic algorithms. • Analyze existing encryption systems and cryptographic algorithms to identify weaknesses and vulnerabilities.• Suggest security solutions to eliminate the weaknesses. • Manage, and monitor the implementation of the recommended improvements. • Assist in solving any security issues that may emerge. • Review and analyze all the security incidents to identify the need for cryptographic controls.• Keep up to date with current research and trends for cryptography. • Develop policies, procedures and processes related to privacy and data protection.• Conduct a risk assessment to ensure that appropriate controls are in place to mitigate risk effectively. • Identify and implement technical measures for data protection in line with relevant laws and regulations. • Conduct Privacy Impact Assessments. • Ensure that all third-party services are compliant with data privacy and security requirements.• Liaise with the legal team to ensure the right contractual clauses are defined and embedded into all data processor contracts. • Monitor compliance with GDPR or other applicable data protection laws. • Identify and evaluate the Company data processing activities. • Maintain the records of data processing activities. • Stay updated about the changes in laws and provide recommendations to ensure data privacy compliance.• Act as point of contact with legal and regulatory authorities, and internal teams. • Develop training materials and conducts trainings for employees on best data privacy practices, privacy compliance and the consequences in case of non-compliance

    Knowledge: • Network components, their operation and appropriate network security controls and methods. • Understanding of risk assessment, mitigation and management methods. • Relevant cybersecurity aspects of legislative and regulatory requirements, relating to ethics and privacy. • Computer algorithms. • Cybersecurity considerations for database systems. • Installation, integration and optimization of system components. • Human-computer interaction principles. • IT security principles and methods. • Network access, identity and access management. • Operating systems. • Network traffic protocols, methods and management. • Telecommunications concepts relevant to role. • Network security architecture concepts including topology, protocols, components, and principles. • Network systems management principles, models, methods and tools.• Systems security testing and evaluation methods. • How threat intelligence sources collect intelligence. • Network protocols and directory services. • How to use network analysis tools to identify vulnerabilities. • Intrusion detection and prevention system tools and applications. • Network protocols and directory services• Knowledge and understanding of new technologies and solutions from a cybersecurity perspective. • Network components, their operation and appropriate network security controls and methods. • Cybersecurity authentication, authorization and access control methods. • Encryption algorithms, their relative strengths and weaknesses and appropriate selection criteria. • Cryptography and cryptographic key management concepts.• Cybersecurity assessment and authorization processes. • Cybersecurity controls and privacy requirements for the management of risks relating to data. • Low-level computer languages required for role. • Mathematics required for role. • Programming language structures and logic. • Key security management concepts. • National cybersecurity regulations and requirements relevant to the Company. • Encryption methodologies. • Industry standard security models and their effective application. • Confidentiality, integrity and availability requirements.• Knowledge of current and emerging data encryption security features in databases.• Complex data structures. • Implementing enterprise key escrow systems to support data-at-rest encryption.• Confidentiality, integrity and availability principles. • Asset availability, capabilities and limitations. • NCA ECC Standard. • NIST CSF Framework. • The principles of cybersecurity and data privacy.• Data classification standards and methodologies. • Operational impact on an organization due to cybersecurity breaches. • Relevant cybersecurity, ethics and privacy laws, regulations and standards. • Conducting privacy impact assessments. • Privacy enhancing technologies. • Digital evidence seizes and preservation. Qualifications: • Bachelor’s degree in computer science, information technology, or any other related field. • 7-15 years of experience in information security. • A minimum of 5 years of Data Protection or Data Privacy. • Experience conducting audits to ISO 27701, GDPR and HIPAA • CISA, CISM, IAPP, CIPP, or equivalent certifications. • ECES, CISSP, SANS Suite, or equal certifications

    We are a national group formed on the foundations of social responsibility and building the acquired value with hard work and quality of outputs that contribute to creating a fertile production environment for our esteemed customers so that they can present their work in accordance with standards of balanced performance that ensures continuity and reduces the expected risk. More

  • in

    Cyber Governance – Cloud Security Consultant: | Almawarid Group

    Employment:

    Full Time

    Design, deploy and manage the solutions in the cloud environment. Provide guidance on cloud security to identify, detect, analyze and mitigate any threats or vulnerabilities. • Design and develop the cloud security architecture. • Develop and maintain a reference cloud security architecture.• Evaluate the effectiveness of current security architectures and designs with the IT team• Conduct cloud security risk assessments. • Develop and implement secure cloud strategy, policies and procedures. • Identify the company data stored within cloud environments. • Act as a subject matter expert for security cloud architecture. • Build and implement security controls to prevent unauthorized access to, alteration and disclosure of cloud data, software and systems. • Test software systems to ensure the security of the cloud-based platforms. • Assist the Intelligence team in monitoring and responding to cloud security events and incidents. • Develop and conduct awareness sessions on the cloud security.

    Knowledge:• NCA ECC Standard. • NIST CSF Framework.• The principles of cybersecurity and privacy.• Cloud-based knowledge management technologies and concepts. • Cloud service models and effect on incident response. • Cybersecurity incident response in cloud environment. • Network components, security measures and methods. • Cross-platform collaboration and content synchronization. • Virtualization technologies. • Network Infrastructure cybersecurity communication methods, principles and concepts. • IT security solutions (e.g. SIEM, CASB, DLP, MFA etc.) • Cloud security alliance cloud controls matrix • Relevant cybersecurity, ethics and privacy laws, regulations and standardsQualifications: • Bachelor’s degree in computer science, information systems, software engineering, data science, or related field. • 7- 15 years of experience in information security. • 7+ years of experience in cloud security. • Experience working with standard concepts, practices, and procedures of cloud technology and public cloud environments. • CISSP, CISM, CISA, CCSP, CCSK, CompTIA Cloud+, AWS cloud certifications, Azure cloud certification or equal certifications

    We are a national group formed on the foundations of social responsibility and building the acquired value with hard work and quality of outputs that contribute to creating a fertile production environment for our esteemed customers so that they can present their work in accordance with standards of balanced performance that ensures continuity and reduces the expected risk. More

  • in

    Application security Consultant: | Almawarid Group

    Employment:

    Full Time

    The systems security development specialist is responsible for evaluating the security of the software and applications. He/she should be involved in the complete software development lifecycle.• Determine the required security controls. • Assist in software design reviews. • Identify functional and/or performance test cases. • Conduct a risk assessment when a system, software or application undergoes a change. • Conduct secure code reviews. • Identify and implement security mechanisms to resolve issues in software development. • Perform software quality assurance testing. • Implement security measures for solving issues identified during software acceptance phase. • Conduct vulnerability assessment activities prior to deploying the application. • Evaluate and communicate the software testing results with the design team and stakeholders. • Develop documentation for software programming and development, and secure software / system testing and validation. • Develop and implement an application security program across the organization with periodic reviews to assess effectiveness. • Develop secure coding standards and procedures, derived from leading security practices and industry standards, across all platforms. • Develop a process for project risk rating to drive and inform SDLC rigor (e.g. threat modelling), which will be part of the SDLC process. • Conduct security assessments on applications when in staging mode and provide risk assessment report for application owners before deploying them in production.• Define an IT/OT application testing framework where regular reviews and mandatory checkpoints are conducted against defined standards prior to design completion.• Develop a code integrity process where code signing is performed consistently & integrated in SDLC process and code obfuscation is applied wherever applicable. • Conduct security assessments on applications in production. • Review the IT/OT security controls for applications targeted with cyber threats. • Maintain a centralized repository for SDLC processes integrated with regular tracking processes. • Document a list of requirements where all intellectual property and production code are held in escrow. • Develop guidelines to include application security testing and for mobile applications.• Train testers on coding process using security test cases. • Identify and assign personnel responsible for application security. • Develop a process for conducting SAST and DAST activities on all developed applications• Implement Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools to identify vulnerabilities and weaknesses in applications before deploying into production. • Develop a platform to allow users to report bugs/issues in the applications. • Implement a WAF to ensure protection of critical and externally facing the company applications. • Ensure WAF logs are captured, archived and integrated to the SIEM solution. • Create and maintain an inventory of all IT/OT applications including criticality and sensitivity ratings, reviewed at least once a year. • Maintain a whitelist of IT/OT applications and application components authorized to be active on a host along with a list of trusted applications from vendors. • Perform periodic scans to detect deviations from the baseline configuration standards.• Develop schedule to periodically review Web Application Firewall (WAF) signatures based on the changes to application use cases and design changes. • Develop training materials and implement training on application hardening relevant to all stakeholders.

    Knowledge: • Network components, their operation and appropriate network security controls and methods. • Cybersecurity and privacy principles as they apply to software development. • Programming language structures and logic. • Interpreted and compiled computer languages. • Critical information systems that were designed with limited technical cybersecurity controls. • Data security standards relating to the sector in which the company operates. • Embedded systems and how cybersecurity controls can be applied to them. • Intrusion detection and prevention system tools and applications. • Complex data structures. • Local and wide area networking principles and concepts including bandwidth management.• Secure configuration management techniques. • Software debugging principles. • Software development models.• Software engineering. • System design tools, methods and techniques, including automated systems analysis and design tools. • Knowledge of web services. • Secure coding techniques. • Software quality assurance process. • Developing software in high-level languages.• Developing software for UNIX or Linux.Qualifications: • Bachelor’s degree in computer science, information systems, or related field. • 10+ years of experience in information security. • 7+ years of experience in security testing of software. • ISTQB certifications, or equal certifications• Bachelor’s degree in computer science, information systems, or related field. • 10+ years of experience in information security. • 7+ years of experience in security testing of software. • ISTQB certifications, or equal

    We are a national group formed on the foundations of social responsibility and building the acquired value with hard work and quality of outputs that contribute to creating a fertile production environment for our esteemed customers so that they can present their work in accordance with standards of balanced performance that ensures continuity and reduces the expected risk. More

  • in

    Microsoft Infrastructure Consultant | Qatar Datamation Systems (QDS)

    Employment:

    Full Time

    As a Microsoft Infrastructure Consultant, you will be responsible to design and develop the infrastructure technical aspects for the deployment for different customer and also work with Microsoft closely.Description: • Act as the infrastructure expert for supporting different customers in the transformation of various services from on-premises solutions to Cloud technologies.• Plan, design, configure and deploy large scale cloud infrastructure on-premises or on Azure for different customers.• Produce end-to-end solution designs, putting together technologies from multiple IT systems and departments across either the application or infrastructure domains.• Must have detailed knowledge and experience of one or more application or infrastructure domains and can clearly document and communicate the domain architecture.• Ensures technical quality and assurance by participating in Governance and Technical Design peer review processes, working closely with customer and internal stakeholders as appropriate.• Oversees coordination of the Solution Manager/Solution Architect, and teams up with other Functional or Technical Architects.• Experience and working knowledge with Microsoft Azure with IaaS & PaaS / Microsoft 365 with Security, including planning, configuration, optimization and deployment. • Strong practical Windows-based systems administration skills in a Cloud or Virtualized environment. • Proficiency in Windows / Active Directory / Exchange / Azure and Microsoft 365 technologies. • Large scale migration experience Data Centre to Data Centre and/or Data Centre to Cloud. • Demonstrated ability to think strategically about business, product, and technical challenges. • Experience planning and developing support processes and adhering to best practices.• Strong written and oral communication skills, and the ability to effectively communicate with technical and non-technical audiences. • Experience managing cloud/data center operations, including governance, monitoring, alerting and notifications.

    Candidate should have relevant experience of deployment/migration/configuration on the below technologies and platforms:• Active Directory• Exchange Server• Microsoft Azure Cloud (IaaS/PaaS)• Microsoft 365 (Office 365/Enterprise Mobility + Security/Windows 10)• System Center Suite• SQL Server

    QDS has strengthened its play and expanded its presence in the regional IT solutions, services and support market by building long-term relationships with customers and principals.

    Since its inception in 1983, QDS has been growing from strength to strength blending the latest of technology with impeccable business acumen and meeting the most challenging requirements of a fastevolving IT landscape through strategic joint ventures, world class vendor alliances, extensive and strategic vertical focus and a well trained and talented workforce of over 150 professionals.

    Today, QDS provides a wide range of fully integrated IT based business solutions that addresses almost the entire market spectrum, spanning various verticals like Banking and Finance, Healthcare, Government, Education, Oil and Gas, Telecommunication and Private sectors backed by high quality customer Support. More

  • in

    Cyber Governance – Security Architect Senior Consultant | Almawarid Group

    Employment:

    Full Time

    • Execute cybersecurity reviews and identify gaps in Company’s security architecture and generate cybersecurity risk management plans. • Apply secure configuration management processes. • Identify and prioritize Company’s critical business functions in collaboration with relevant company stakeholders. • Analyze candidate architectures, allocate security services, and select security mechanisms. • Define system security context, concept of operations and baseline requirements in line with Company applicable cybersecurity policies. • Design detailed functional specifications that document Company’s architecture development process. • Determine security controls for information systems and networks and document appropriately. • Define appropriate availability levels for critical system functions and disaster recovery and continuity of operations requirements. • Develop and integrate cybersecurity designs for systems and networks with multilevel security requirements. • Develop and address Company’s security architecture and systems security engineering requirements throughout the acquisition life cycle. • Guarantee that acquired or developed systems and architectures are consistent with Company’s cybersecurity architecture guidelines. • Read and translate technical diagrams, specifications, drawings, blueprints and schematics relating to systems and networks. • Detect and document security controls for Company systems and networks.

    Knowledge:• NCA ECC Standard. • NIST CSF Framework.• ITIL & COBIT Standards.• SABSA Framework. • Network access, identity and access management, and access authentication methods. • Operating systems, network traffic protocols, methods, management and systems testing and evaluation methods. • Application firewall concepts and functions. • Confidentiality, integrity and availability requirements and data security standards relating to personally identifiable information• Configuration management techniques, embedded systems and how cybersecurity controls can be applicable to them. • Network design processes, including security objectives, operational objectives and trade-offs. • Network hardware devices and functions, network technologies and multi-level security systems and cross domain solutions.Qualifications: • Bachelor’s degree in computer science, software engineering, information systems, or a related field. • 7-15 years of experience in information security and IT risk management. • Experience working with common information security standards, such as: ISO 27001/27002, NIST, PCI DSS, ITIL, COBIT • CISSP, CISM, CISA, CEH, SABSA Chartered Security Architect, CompTIA Security+ or equal certifications.

    We are a national group formed on the foundations of social responsibility and building the acquired value with hard work and quality of outputs that contribute to creating a fertile production environment for our esteemed customers so that they can present their work in accordance with standards of balanced performance that ensures continuity and reduces the expected risk. More