IT and Telecom Security Expert is specialized in vulnerability assessment and penetration testing on both IT and Telecom systems. Also, responsible for the design and performance of application security robustness tests.

Key Responsibilities

• Operate a hands-on role involving penetration testing and vulnerability assessment activities of complex applications, operating systems, wired and wireless networks, and mobile applications/devices and Telecom nodes.
• Develop and maintain security testing plans.
• Automate penetration and other security testings on networks, systems, and applications.
• Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risks.
• Produce actionable, threat-based, reports on security testing results.
• Act as a source of direction, training, and guidance for less experienced staff and mentor and coach other IT security staff to provide guidance and expertise in their growth.
• Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediations.
• Communicate security issues to a wide variety of internal and external “customers” to include technical teams, executives, risk groups, vendors, and regulators.
• Deliver the annual penetration testing schedule and conduct awareness campaigns to ensure proper budgeting by business lines for annual tests.
• Foster and maintain relationships with key stakeholders and business partners.
• Perform penetration tests on computer systems, networks, and applications.
• Perform penetration tests on Telecom Nodes (2G/3G/4G).
• Perform physical security assessments of systems, servers, and other network devices to identify areas that require physical protection.
• Threat modeling and exposure assessment.
• Search for weaknesses in common software, web applications, and proprietary systems.
• Research, evaluate, document, and discuss findings with IT teams and management.
• Review and provide feedback for information security fixes.
• Establish improvements for existing security services, including hardware, software, policies, and procedures.
• Identify areas where improvement is needed in security education and awareness for users.
• Auditing Telecom core network nodes.

Competencies

• Pen-testing experience in large enterprises, Telecos and ISPs.
• Experience in security assessment tools (such as Aircrack-ng, Burp Suite, SQLmap), Security frameworks (such as NIST, SOX, HIPPA).
• Experience in testing telecom nodes and protocols (SS7, GTP, Diameter, SIGTRAN, etc…).
• In-depth knowledge of application development processes and at least one programming or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell).
• Hands-on experience with testing frameworks such as the PTES and OWASP.
• Applicable knowledge of Windows client/server, Unix/Linux systems, Mac OS X, VMware/Xen, and cloud technologies such as AWS, Azure, or Google Cloud.
• Hands-on experience with the Development of telecom vulnerability scanning products and Telecom Stack development.
• GPEN, OSCP, OSCE, or similar certifications.
•  

Work Experience

10 years of work experience in a relevant field.

Education

Bachelor's degree in Information Technology or any related field.

Language

• Arabic (preferred)
• English (required)
• Kurdish (preferred)