Job Description Job Title:
Cyber Security- Cyber Security Engineer Location: Dublin 2 Full time role.
Typical arrangement is 1-2 days in office attendance per week + onsite as required Contract / Permanent: FTC 12 Months, With further extension Start date: On or before 24/02/2025 Role: Our client is looking to establish a cyber security posture management team including the role of Cybersecurity Risk Officer.
The Risk Officer role deals with trying to predict and manage Cybersecurity risk within the organisation.
The tole is demanding and involves assessing the threats posed to Revenue from various sources and translating that into a model that can be used to efficiently direct resources and expenditure for maximum return.
The Responsibilities of the Role and the activities that will be required are: · Generate and maintain a threat actor assessment model Identify Threat Actors and motivations to use as a template for risk profile assessment.
Apply these profiles to the risk model to provide a more complete risk assessment of identified threats.
* Generate, Maintain and assess Cybersecurity Incident Response plans based on threat scenarios Preparing Incident documentation and procedures in anticipation of an incident.
Baseline scenario generation and assessment against the existing incident preparation material.
Adding new scenarios and adapting as our status changes · Detect, Assess and verify vulnerabilities in Revenue systems Using penetration testing techniques to analyse Revenue web applications and internal systems Reporting on findings and offering researched solution advice · Build and maintain a risk profile of Revenue systems to enable accurate risk assessment The Risk Officer will lead a project to pull together information from relevant sources with the aim of building an accurate risk profile of Revenue systems and services.
This risk profile will then be used to generate modified risk scores for CVEs as well as generate impact assessments.
The Risk Officer must build an in-depth knowledge of Revenue systems and technologies in order to correctly model the environment.
A strong technical understanding and applicable hands-on experience would be seen as an advantage.
* SIEM management and orchestration including use case generation and vendor collaboration Meet with SIEM vendor or vendors and service providers to ensure that use cases match our risk profile and to identify the optimum information resources for SIEM ingestion.
* Revenue Risk Posture management (Risk and Vulnerability management) Ownership and management of the Cybersecurity Risk and Vulnerability management process through its lifecycle.
Lead security resources in developing processes, administration of the RVM, reporting and co-ordination of risks to relevant stakeholders.
* Project input provide insight, co-ordination and input into projects at project initiation/HLD stage.
This will require an ability to read and review project plans and provide feedback or ask for clarifications.
Participate in projects that require security input and activities and provide support for other teams to ensure security by design principles are adhered to
Experience Level Required:
* It is a mandatory requirement, that the Resource proposed has the equivalent of 7 years of Cybersecurity experience with demonstrable focus on Risk assessment/Risk management
* It is a mandatory requirement, that the Resource proposed hold the following qualifications or equivalents: A Professional qualification in a framework or standard that incorporates cybersecurity risk assessment.
A penetration testing qualification from a recognised vendor outside of college modules that form part of a larger qualification.
Key Deliverable:
The following non-exhaustive list of Key Deliverables, are applicable to this Role.
* Cyber Security Risk management by engaging with stakeholders through whichever medium is most appropriate
* Design and management of a working vulnerability management process that improves communication of risks and makes identification of actions easier
* Delivery of penetration testing on internal systems and applications as required.
All tests must include a findings report and a follow-up with stakeholders to agree actions required for mitigation · Periodic reporting on Cyber Security Posture within Revenue · Develope and maintain a cybersecurity risk model that represents Revenue and its systems, services and data.
Requirements Key Experience/ Competencies/Skillsets:
The following Experience/Competencies/Skillsets are applicable to this Role.
1.
Demonstrable experience leading or contributing significantly to a vulnerability management process in a Public Sector, FinTech or Public Services organisation 2.
Experience of penetration testing involving any or all of : a.
Web application (Java, PHP, Angular) b.
Infrastructure (network, windows, linux, database) c. API / Cloud (AWS, GCP, Azure) 3.
Experience of the application of the MITRE Att&ck framework 4.
Attack simulation and risk modelling 5.
Report writing and delivery of results 6.
Working as part of a team to deliver cross discipline projects 7.
Experience of team leadership in a security environment Requirements The following Experience/Competencies/Skillsets are applicable to this Role.
* Demonstrable experience leading or contributing significantly to a vulnerability management process in a Public Sector, FinTech or Public Services organisation 2.
Experience of penetration testing involving any or all of : a.
Web application (Java, PHP, Angular) b. Infrastructure (network, windows, linux, database) c. API / Cloud (AWS, GCP, Azure) 3.
Experience of the application of the MITRE Att&ck framework 4.
Attack simulation and risk modelling 5.
Report writing and delivery of results 6.
Working as part of a team to deliver cross discipline projects 7.
Experience of team leadership in a security environment