Consultant to support ICT Department for Designing the Cyber Security Framework of Afghanistan(1199 Views)
About Project Management Office (PMO)
The Consultant will assist the Head of Information Security Department of MCIT, to provide Cyber Security Services to MCIT. These Cyber Security Services include data audit, policy enforcement, information assurance and incident responses. The Consultant will train the Staff of MCIT on Cyber Security Technologies, Access Controls, Authentication Procedures, Intrusion Detection & Incident Responses, Risk Management, Vulnerability Assessment & Audit and Cyber Security Policies, Regulations and Procedures.
|Date Posted:||27 Jun 2013||Reference:||MCIT/ICTDP/P121755/IDA-H-665-AF/C3.6|
|Closing Date:||27 Jul 2013||Work Type:||Full Time|
|Number of Vacancies:||1||Gender:||Male|
|Functional Area:||IT - Hardware||Open Ended:||NO|
|Nationality:||Salary Range:||As per company salary scale|
|Contract Type:||Permanent||Years of Experience:||10 Year(s)|
|Contract Duration:||Extension Possibility:||Yes|
Duties and Responsibilities
a) Provide on-site orientation to MCIT’s Staff related to Cyber security, information assurance and related technologies;
b) Carry out in-depth analysis of the Cyber Security infrastructure of MCIT;
c) Conduct risk analysis on MCIT’s existing networks;
d) Prepare standard procedures for the cyber security risk assessment;
e) Provide a framework on the Incident Response Process;
f) Provide training to MCIT’s Information Security Department Staff on:
i) Cyber Security Basics: Goals of cyber security, structure of the Internet, common types of attacks and review of the players in the cyber security arena;
ii) Understanding Cyber Technology: Cyber technology, TCP/IP, networked applications and network components;
iii) Cyber Attack Technology: Threats, exposures, weaknesses and attack methodologies;
iv) Access Controls: The role of access controls, group policies, security templates, and firewall policies;
v) Authentication: Authentication, authorization and accounting, enterprise grade authentication and the role of multifactor authentication;
vi) Intrusion Detection and Incident Response: Intrusion prevention and detection, incident response, forensic analysis and the evidence life cycle;
vii) Risk Management: Identifying assets, determining exposures, considering controls to reduce cyber risk and mechanisms to secure critical systems;
viii) Security Policies and Best Practices: Designing and implementing policies, standards and procedures developing best practices;
ix) Securing Network Communications: Securing remote access networks, creating VPNs and assessing the need for secure communications;
x) Vulnerability Assessment and Audit: Scanning systems of MCIT, performing vulnerability assessments on MCIT’s Systems executing penetration tests and mechanisms to review log files and working with syslog servers of MCIT;
xi) Cyber Security-way forward: An analysis of the future of cyber security, emerging job roles and needed skills for the emerging cyber security field.
g) The Consultant will carry out any other Tasks within the broad scope of cyber security as assigned to him by Director of Information Security Department and by DG-ICT of MCIT.
Deliverables and Reporting Requirements:
a) The entire assignment is scheduled to be completed within 12 months from the date of signing the Contract;
b) The Consultant will be located at MCIT main office -Kabul, Afghanistan;
c) The Consultant will report to the Director of Information Security Department of ICT Directorate of MCIT;
d) The Consultant will submit monthly Progress Reports on all the Tasks assigned to him, to the Director of Information Security Department and to the DG-ICT of MCIT.
At least 5 years of experience in network and data security
1. Masters degree in information security will be preferred;
2. Must possess Professional Certifications such as CISSP, CEH, ISMS or Higher/Equivalents;
3. At least 5 years of experience in network and data security;
4. Minimum of 2 years of hands on technical experience in Cyber security, information assurance, and related technologies;
5. Must have Knowledge of industry standards, e.g. ISO 2700 series and other industry related security standards;
6. Prior experience with the utilization of Information Security tools NMAP, Ethereal, Web Inspect, etc. and manual techniques to exploit the vulnerabilities in the OWASP top 10 including but not limited to cross-site scripting, SQL injections, session hi-jacking and buffer overflows to obtain access to target systems;
7. Good understanding of systems design and analysis; Understanding of international policies and standards in areas of network securities; Understanding of Cisco platforms being used by the Government; Understanding of network security standards; Good understanding of computer hardware; Good understanding of server applications and operating systems; Understanding of international policies and standards in areas of computer networks and hardware;
8. Ability to perform network traffic forensic analysis, utilizing packet capturing software, to isolate malicious network behavior, inappropriate network use, or identification of insecure network protocols; Attack and Penetration experience in testing of internet infrastructure and web-based applications utilizing manual and automated tools;
9. Basic understanding of networks, including TCP/IP and network security concepts ;
10. Must be able to troubleshoot complex PC configurations ;
11. Computer literacy and ability to effectively use office technology equipment, IT tools;
12. A thorough knowledge of English is essential;
13. Good communication and interpersonal skills;
The Ministry of Communications and Information Technology (MCIT) now invites eligible Consultants to indicate their interest in providing the services. Interested Consultants must provide information indicating that they are qualified to perform the services. Description of qualifications held, experience and availability of appropriate skills should be given in Consultant’s CV.
A Consultant will be selected in accordance with the procedures set out in the World Bank’s Guidelines: Selection and Employment of Consultants by World Bank Borrowers (January, 2011 edition).
To ensure impartiality, the consultant (including his home office, if any) must not, in any way, be affiliated with business entities that are currently providing or are seeking to provide goods or services to the project.
For further details, Interested Consultants are requested to contact GM-FPD of MCIT, at the address given below, during office hours from 0800 to 1600 hours:
General Manager for External Procurements;
Foreign Procurement Department (FPD)
Procurement Department, Ministry of Communications and IT (MCIT)
Mohammad Jan Khan Watt; Kabul, Afghanistan
Phone: Office: +93 20 210 37 41; Cell: +93 700 222 009;
Any queries on the position may also be addressed to the above mentioned email address (email@example.com), with CC to firstname.lastname@example.org, latest one week before the deadline for submission of expression of interest.
Expressions of interest, including detailed Resumes (CVs) must be delivered by E-Mails
with CC to: email@example.com
You must be logged in to see the submission Email (if any).
|More jobs in this category|
No Record Available!