Lead IT Cybersecurity Engineer

INTECH Process Automation is looking for an energized and capable professional for the role of a Lead Cybersecurity Engineer

About Us: 

INTECH Process Automation has been helping businesses transform for the future through next-generation Automation and Digital technologies for the past 30 years and counting. We are a globally renowned engineering company specializing in automation, electrical, energy transition, and digitalization solutions. Our application-specific solutions diversified and technically backed portfolio and expertise in equipment from major OEMs and system vendors are what differentiate us.

His/her general responsibilities shall include but not limited to the following:

Assurance

• Conduct security audits and prepare to report.
• Have expertise in monitoring and compliance of different tools (OPM, ADAudit), processes (security control processes, controls (corrective and preventive), software (licensing and compline), network traffic (NetFlow, Wireshark), etc.
• Implement risk management frameworks (i.e. ISO-27001, NIST) which include conduct risk assessment, perform gap analysis and propose and implement risk mitigation plans.
• Conduct penetration testing using OWSAP, Burp Suit, NMAP, Nessus, and Kali Linux.
• Conduct vulnerability assessment.
• Implement email security controls e.g. SPF, DKIM, DMARC.
• Analyze cybersecurity laws issued by regulatory authorities and implement accordingly.
• Implement incident response framework (preferably NIST, MITRE) including forensic analysis, RCA, prepare the report and recommend action items/lesson learned.

RnD and Implementation

• Conduct RnDs in different IT areas e.g. new and emerging technologies, security controls, new threats, areas of improvements, security controls, security frameworks, optimization of IT resources, monitoring tools.
• Implement ISMS i.e. ISO 27001 Security Controls at INTECH global offices.
• Write and implement policies in accordance with ISO 27001, NIST, regulatory and corporate laws.
• Get the DRPs implemented for all major and critical IT and security areas.

Training and Awareness

• Conduct security awareness training to INTECH worldwide resources on regular basis.
• Enhance security awareness by sharing material with resources like flyers, posters, screen savers for new features/security controls.
• Conduct security surveys to get feedback and focus on week highlighted areas.

Documentation & Reporting

• Keep INTECH IT and security documentation updated.
• Prepare regular and ad-hoc reporting e.g. Hardware health, internet traffic flows, antivirus, network equipment, and devices, and share with concern management on a defined frequency.
• Share DRP testing results on a regular frequency.
• Prepare security monitoring and compliance dashboard using Power BI.

Skills

• Hands-on working on Microsoft, Systems, Networks Technologies.
• Knowledge of cybercrime laws/requirements for each country.
• Ability to analyze and evaluate INTECH security policies, procedures and identify their strengths and weaknesses.
• Hands-on knowledge of the information security risk assessment process.
• Knowledge of conducting audits, preparing audit reports, presentations to management.
• Excellent documentation (writing policies etc) skills.
• Knowledge of network and applications attacks and prevention techniques.
• Knowledge of NIST, MITRE, ISO-27001, OWASP, CVSS, OSINT, GDPR, autopsy, Power BI

Education:

• Preferably candidate must have BCS/BS Computer Science degree from a reputable university.
• ISO 27001 Lead Implementer and Auditor Certifications (preferable).
• CISA / CISSP Certifications (preferrable)
• CEH / Penetration Testing Certification (preferable)
• CCNP R&S / Security

Experience:

• Minimum 3-4 years of work experience in the security field.
• Excellent written and verbal communication skills 

Job Location:

• Lahore, Pakistan