Information Security Engineer  

**Full job description will be forwarded to shortlisted applicants.

Under the supervision of the Information Security Head, the Information Security Engineer is responsible for planning, designing, implementing, managing, maintaining, and monitoring the University’s Information Security Architecture and Infrastructure in line with internal policies, industry standards and regulations. The position implements information security measures and guidelines to ensure adherence and compliance.

I. Cybersecurity Governance

• Develops information security policies and standards that are aligned with information security standards such as the National Institute of Standards and Technology (NIST), ISO 27000 and Computer Information Systems (CIS).
• Develops and maintains cybersecurity performance metrics, service level agreements (SLAs), and key performance indicators (KPIs).
• Provides guidance and oversight for security-related projects and initiatives.

II. Cybersecurity Operations

• Manages and operates infrastructure, platform, application, data, host and user security to maintain a robust security posture within the operational environment.
  • Collaborates with IT teams to ensure security measures are integrated into the organization’s infrastructure and systems.
  • Monitors security alerts and events from various sources, including endpoint protection, intrusion detection systems (IDS), intrusion prevention systems (IPS), firewalls, and other security tools in the University.
  • Investigates and analyzes network traffic, system logs, and other data sources to identify signs of unauthorized or malicious activity.
  • Manages vulnerability and implements regular patch management, application of
  • security updates, patches, and fixes to software, operating systems, and applications to address known vulnerabilities and reduce the risk of exploitation.
  • Performs regular vulnerability assessment to identify and prioritize vulnerabilities in the IT infrastructure, assessing the potential impact, and taking measures to mitigate the associated risks.
• Manages and operates protective and detective controls to prevent cyber attacks.
• Stays up-to-date with the latest cyber threats, attack techniques, and security trends.
• Implements and incorporates threat intelligence into security monitoring and incident response strategies. Focus of Operations team is on the BAU/operations or keeping the lights on and incident handling and management.
• Performs incident response (i.e., Prepare, Detect, Contain, Eradicate, Recover) on cybersecurity attacks.
  • Develops and maintains incident response procedures (i.e., prepare, detect, contain, eradicate, recover) to effectively manage security incidents.
  • Investigates alerts and anomalies to determine the nature and severity of potential security incidents.
  • Responds to security incidents in a timely and effective manner, implementing necessary measures to contain and mitigate threats.
  • Coordinates and collaborates with other teams to contain and mitigate security breaches.
  • Documents and reports security incidents and their resolution
  • Leads in conducting post-incident analysis and documentation to improve incident response processes.
  • Contributes to the development and improvement of security monitoring and incident response procedures.
• Manages and implements identity and access management.
• Performs threat intelligence to protect the university from potential cybersecurity attacks.
• Assists in educating the community about information security threats and ways to avoid them.

III. Performs other work-related tasks as may be required by the immediate supervisor and authorized representative.

Education and Experience Requirements

• Bachelor's degree in Computer Science/Engineering, Information Systems, or equivalent
• At least 2 years of work experience in Cybersecurity, including experience in designing and implementing security solutions and conducting security and risk assessments
• Significant low-level networking experience with the TCP/IP (Transmission Control
• Protocol/Internet Protocol) stack, an advantage
• Work experience in Team Management