Senior Security Analyst

Overview

The Senior Security Analyst will support Aramco Asia cybersecurity daily operations, lead cybersecurity projects, and work with external partners such as Saudi Aramco to secure the infrastructure. In addition with helping to secure Aramco Asia digital transformation roadmap to cloud-first strategy.

Responsibilities

• Engage in evaluations, proof-of-concept activities, design, build and implementation of cybersecurity solutions, specializing in network security (such as Network Access Control, Zero Trust Network Access (ZTNA), Secure Access Service Edge (SASE), IPS etc.), other perimeter protection tools with minimal supervision and guidance.
• Perform core operational cyber-security functions such as co-managing security controls ranging from endpoint security, email security, web security, data leakage prevention.
• Capable of handling other security technologies with minimal supervision and guidance.
• Respond to security incidents and manage incident response.
• Provide cloud security assessment and propose enhancements and solutions.
• Participate in or conduct cyber-security assessments, and evaluate proposed changes, and/or execute action plans to enhance cyber-security resilience and risk mitigation.
• Participate in incident response planning and remediation actions.
• Enhance cyber-security operations functions through process enhancements, automation and stakeholder engagement.
• Lead enhancement of cyber-security functions through vendor/supplier identification, scope of work development, justification, contract review, contract negotiation and procurement engagement.
• Execute and communicate enhancement strategy of cyber-security functions using measured goals, proper tracking and reporting.
• Establish, maintain and enforce procedures, guidelines and baselines related to security for the users and administration of IT systems.
• Collaborate with stakeholders from other IT functions for cyber gaps remediations efforts and provide security review consultations if required.
• Participate in raising cybersecurity maturity of the organization.
• Perform other miscellaneous security related duties as directed by IT Management.

Requirements

• Bachelor's degree in the IT field.
• At least 12 years’ experience in IT and/or cybersecurity field.
• Min 8 years work experience at information security service-company or cybersecurity department.
• Possess strong technical knowledge, technology integration and troubleshooting skills
• Experienced with network security tools such as network access control, firewalls, HIPS and NIPS. Candidates with strong experience in network engineering will also be considered.
• Able to work independently and drive new initiatives proactively.
• Knowledge of modern cloud technology components and deployment patterns (Azure, AWS)
• Understand and familiar with securing onprem and cloud infrastructure.
• Preferred GIAC certifications - GCIH, GNFA, GPEN, GCAD, GDSA.
• CISSP Network professional certification (CCNP Enterprise, CCNP Security, CCIE Enterprise, CCIE Security) or Cloud security certification is preferred (CCSP, CCSE, AZ 500, etc)
• Experience with Windows hardening is preferred. Additionally, the ability to implement automation using scripts or automation platforms such as SOAR or Power Automate is highly valued.
• Proficient in written and oral English.