3x IT security jobs - part time for 3 years - Dublin, Ireland


Recruiter: Computer Futures

Listed on: 1st May 2018

Location: Dublin City Centre

Salary/Rate: £318 - £377

Type: Contract

Start Date: 01/07/2018

Job title: 3x IT security jobs - part time for 3 years - Dublin, Ireland

Industry: Irish public sector

Location: Dublin 8, Ireland.

Length: 36-month contract (3 years); a 12-month extension is possible after this.

Role titles, rate/salary and days per week:

* Information Security Manager: EUR41,400 / EUR450 per day (4+ years' experience, 2 days a week)

* Information Security Analyst: EUR18,400 / EUR400 per day (4+ years' experience, 1 day a week)

* Penetration Tester: EUR380 per day (4+ years' experience, 22 days per year, FULLY OFFSITE)

Start date: July 2018

Interview: 1 round onsite in June 2018

Deadline for CV Application: 4th of May

Support: We will help you every step of the way in understanding the job, preparing for an interview and the location. If you are successful, we check in with you once every 2 weeks (usually Thursday afternoon) to make sure everything is going well and to support you.

X-factor: Opportunity to get an excellent work-life balance while also earning a salary that allows you to achieve a high-quality lifestyle. These roles would be suitable for people with other needs, passions or 1-day-a-week jobs. Also, with the longevity of the 3-year contract, you can plan with certainty.

Public Sector Body Information:

This public sector body has an internal base of 300 users of IT systems. It also has 800 registered external users. These are mostly based around the country with some others based in external consultancy and contractor firms.

Following a number of audits and reviews, the body has decided to put in place an information security function separate to the IT function. The information security function will:

* Allow independence in conducting ongoing monitoring of internal operational IT controls.

* Coordinate a single consistent approach to information security across internal and externally managed IT operations.

* Advise business areas on the adequacy of controls being used by externally managed IT operations.

* Report to the Executive Team and the Audit and Risk Committee on the adequacy of the approach to information security risk.

* Promote and assess awareness in relation to information security.

* Investigate and report on information security incidents.

The public sector body has the following information security controls in place:

* McAfee Anti-virus

* Netfort Lan Guardian

* BitLocker Encryption

* Web Marshal Web Filtering

* Mail Marshal Mail Filtering

* OpenDNS Web Filtering

* Metacompliance Policy signoff

* Metaphish Phishing Simulation

* Ongoing Awareness Programme

* Nessus Professional Vulnerability Scanning

Information Security Manager / Information Security Analyst duties:

* A review and update of IT and information security policies

* An updated register of information security risks

* Develop and implement a programme of regular monitoring of operational information security controls

* Annual analysis report of security measures, including:

  * Firewall rules and policies

  * Active Directory policies

  * Passwords

  * Mobile Device Management

  * Wifi Configuration

  * Environmental and physical controls

  * Endpoint configuration

  * Server configuration

* Conduct and report on regular scans of internal vulnerabilities using the Nessus Professional scanning tool

* Develop and implement a programme of information security awareness and assessment. The body uses Metaphish for phishing simulation and online learning

* Quarterly reviews of user access, including privileged users, across 14 systems including:

  * Active Directory

  * Financial Management Systems

  * HR system

  * Web Portal System accessed by Local Authorities

* Log and report on information security incidents

* Report to the Audit and Risk Committee 6 times a year on information security issues

Information Security Manager Skillsets:

Mandatory

* CISM or similar certification;

* At least 1 year's experience working in a SOC or as a Security Manager;

Desirable

* Previous experience working with a SIEM solution;

* Previous experience in conducting information security audits and/or control checks;

* Previous experience in writing and presenting security reports to a technical and non-technical audience;

* Previous experience in reviewing and writing policies and procedures relating to information security;

* Previous experience in responding to and investigating security-related incidents;

The Information Security Analyst Skillsets:

Mandatory

* CISSP or similar certification;

Desirable

* Previous experience working with a SIEM solution;

* Previous experience in conducting information security audits and/or control checks;

* Previous experience in writing and presenting security reports to a technical and non-technical audience;

* Previous experience in interpreting and analysing large amounts of security-related data in the form of IT network traffic and event logs;

Penetration Tester

The Penetration Tester will arrange for a comprehensive vulnerability test of externally hosted systems, checking for security vulnerabilities and configuration errors caused by system and network maintenance. Currently the company possesses a range of external public facing IP addresses, websites and mobile applications. The number of addresses, websites and applications to be tested is subject to ongoing change. It is anticipated that each of these systems will be tested at least once per annum or in line with any major upgrades.

Time and dates worked:

The Penetration Tester will be required to work for 2 consecutive days 4 times per year (i.e. 8 days' work per annum) to conduct offsite vulnerability scans against the external systems.

The Penetration Tester will also be required to conduct offsite penetration tests once a year against all systems. An additional 15 days should be allowed for this work.

Tests must include, but are not limited to, the following:

1 Quarterly Vulnerability Scans

Website vulnerability scans covering a total of 10 public facing IP addresses. This will be in line with the requirements for external vulnerability scanning under the PCI DSS standard. This will at a minimum cover the following:

* Full TCP/UDP scan: The scan covers the entire network port range and will identify and report on all open ports and services.

* Vulnerability scanning: The scans check for all known vulnerabilities including but not limited to the SANS top 20 most critical Internet security vulnerabilities and the RV10 (Real Vulnerabilities Top 10).

* Certificate detection: Scans must perform an inventory of all SSL certificates detected and the vulnerabilities associated with them.

* Assessment Reports: These should include the following:

  * Raw reports of vulnerabilities found

  * Assessment of the vulnerabilities found in the form of a written report identifying the risk associated with each vulnerability and the recommended remediation.

1 Annual External Penetration Tests of Externally Accessible Systems

2 Full Penetration Tests against a total of 10 public facing IP addresses.

3 Application Penetration Tests against a total of 5 web applications

The Penetration Tester must on completion of the penetration testing and web application testing provide a comprehensive written report detailing the results of these tests, and make recommendations for priority rated improvements (where applicable) to the security of network, websites, applications and mobile applications.

The report will include the following:

* details of weaknesses and vulnerabilities found as a result of the testing

* details as to how to address the weaknesses

* an executive summary that presents the findings in a non-technical manner relevant

Penetration Tester skillsets

Mandatory

* CISSP or similar certification;

* Specific industry recognised certification in Penetration Testing;

Desirable

* Previous experience with carrying out penetration tests across a range of bodies;

* Previous experience in writing and presenting security reports to a technical and non-technical audience;

To apply: Send in your profile/CV and I will come back to you with an email/call. As this is the public sector, there is a detailed application form about your IT experience that needs to be filled out. On average, this takes 2-3 hours, so be prepared to set aside time to do this.

If you are interested in this position, please email your CV to me or give me a call to discuss further. If you are successful then you will get a response within 3 working days.

If you are interested in future public sector jobs, please connect with me on LinkedIn: https://ie.linkedin.com/in/conormulloy/

NOTE: You must be an EU resident or have a valid STAMP 4 visa to qualify for this role. Given the tight internal business deadline on this project, and the timescales involved in processing work card/permit applications, regrettably we will not be offering work permit sponsorship for this role.

*** Please pass this email onto any friend / colleague who may be interested***.

To find out more about Computer Futures please visit www.computerfutures.com

Computer Futures, a trading division of SThree Partnership LLP is acting as an Employment Business in relation to this vacancy | Registered office | 1st Floor, 75 King William Street, London, EC4N 7BE, United Kingdom | Partnership Number | OC387148 England and Wales
