Details

 

About the Company

Petroleum Development Oman is the leading exploration and production company in the Sultanate of Oman. The Company delivers the majority of the country's crude oil production and natural gas supply.

Purpose of the Job

Responsible for detecting, preventing, responding and managing latest cyber security threats and incidents and to provide specialist technical expertise in assessing, designing, implementing and supporting infrastructure security solutions.

Education & Experience

•Bachelor’s degree in computer science or equivalent with minimum 7 years’ experience in the field of IT
•Minimum 5 years' experience in a security assessment or service management/delivery capacity
•Information Security qualifications like Certified Information Systems Security Professional (CISSP) or CISM is preferable
•Experience in security assessment, log monitoring, IT infrastructure, application-level vulnerability testing and auditing, network and application security.
•Experience in Firewalls, NGIPS, IPS/IDS Systems, Web Application Firewalls, Network Traffic Analysis Solutions, Unified Thread Management (UTM), Email Security Gateways, Internet access Proxies and Endpoint & Antivirus Security Systems.
•Team player, strong interpersonal and communication skills, with high level of customer orientation and mindset to deliver quality and pro-active service.
•Experience in a security service management position in an IT division in the Oil and Gas or similar industry is preferable
•Strong understanding of the Microsoft Windows products in both Operations Domain & Industrial Control Systems domain.
•Strong understanding of UNIX / Linux is preferable

Main Responsibilities

•    Performs static/dynamic code testing, manual code inspection, threat modelling, design reviews and penetration testing of internal web applications and external partner applications to identify vulnerabilities and security defects
•    Manage, configure, patch, upgrade and troubleshoot Firewalls, NGIPS, IPS/IDS Systems, Web Application Firewalls, Network Traffic Analysis Solutions, Unified Thread Management (UTM), Email Security Gateways, Internet access Proxies and Endpoint & Antivirus Security Systems.
•    Supports the implementation and enforcement of secure design principles according to policies, standards, and patterns of Information Security.
•    Serves as a Subject Matter Expert (SME) in web application security for enterprise projects during development phases to provide Information Security consulting and recommendations, ensuring the implementation of approved security requirements
•    Work with different application teams to ensure secure code development 
•    Conduct vulnerability assessments, penetration testing, verification of baseline compliance to maintain the confidentiality, integrity & availability of the assets
•    Conduct security assessments and code review for applications to ensure applications are free of weaknesses and flaws
•    Analyse, triage and raise threat advisories on the emerging threats related to PDO, Oil & Gas and suppliers and partners
•    Act spontaneously and provide necessary evidences to the Incident response team as needed.
•    IT Security Operation Support Activities covering IT & OT/PCD Environments
•    Participate in information security risk assessments and serves as an internal resource to investigate security incidents 
•    Responsible for information security reviews in IT & OT/PCD (E.g. Annual vulnerability assessment, evergreen program, configuration review, user/admin access review & USB)
•    Stay abreast with the latest emerging security threats and designs security architecture to mitigate threats where possible
•    Develop and maintain the knowledge base, guidelines and standard operating procedures for security administration, particularly with regards to architecture and platforms change due to adoption of new technology