Consultant to support ICT Department for Designing the Cyber Security Framework of Afghanistan

Master's Degree   Afghanistan Full Time 1319
Date Posted:Jun 27, 2013
Reference:MCIT/ICTDP/P121755/IDA-H-665-AF/C3.6
Closing Date:Jul 26, 2013
Work Type:Full Time
Number of Vacancies:1
Gender:Male
Functional Area:IT - Hardware
Nationality:
Salary Range:Salary is negotiable
Years of Experience:10 Years
Contract Duration:Open Ended
Extension Possibility:No
Contract Type:Permanent
Probation Period:Unspecified
Required Languages:Dari, Pashtoo, English

About Project Management Office (PMO):

Job Summary:

The Consultant will assist the Head of Information Security Department of MCIT, to provide Cyber Security Services to MCIT. These Cyber Security Services include data audit, policy enforcement, information assurance and incident responses. The Consultant will train the Staff of MCIT on Cyber Security Technologies, Access Controls, Authentication Procedures, Intrusion Detection & Incident Responses, Risk Management, Vulnerability Assessment & Audit and Cyber Security Policies, Regulations and Procedures.

Skills Required:

Not available

Provinces to travel:

Skills Description:

At least 5 years of experience in network and data security

Duties & Responsibilities:

a) Provide on-site orientation to MCIT’s Staff related to Cyber security, information assurance and related technologies;
b) Carry out in-depth analysis of the Cyber Security infrastructure of MCIT;
c) Conduct risk analysis on MCIT’s existing networks;
d) Prepare standard procedures for the cyber security risk assessment;
e) Provide a framework on the Incident Response Process;
f) Provide training to MCIT’s Information Security Department Staff on:
i) Cyber Security Basics: Goals of cyber security, structure of the Internet, common types of attacks and review of the players in the cyber security arena;
ii) Understanding Cyber Technology: Cyber technology, TCP/IP, networked applications and network components;
iii) Cyber Attack Technology: Threats, exposures, weaknesses and attack methodologies;
iv) Access Controls: The role of access controls, group policies, security templates, and firewall policies;
v) Authentication: Authentication, authorization and accounting, enterprise grade authentication and the role of multifactor authentication;
vi) Intrusion Detection and Incident Response: Intrusion prevention and detection, incident response, forensic analysis and the evidence life cycle;
vii) Risk Management: Identifying assets, determining exposures, considering controls to reduce cyber risk and mechanisms to secure critical systems;
viii) Security Policies and Best Practices: Designing and implementing policies, standards and procedures developing best practices;
ix) Securing Network Communications: Securing remote access networks, creating VPNs and assessing the need for secure communications;
x) Vulnerability Assessment and Audit: Scanning systems of MCIT, performing vulnerability assessments on MCIT’s Systems executing penetration tests and mechanisms to review log files and working with syslog servers of MCIT;
xi) Cyber Security-way forward: An analysis of the future of cyber security, emerging job roles and needed skills for the emerging cyber security field.

g) The Consultant will carry out any other Tasks within the broad scope of cyber security as assigned to him by Director of Information Security Department and by DG-ICT of MCIT.

Deliverables and Reporting Requirements:
a) The entire assignment is scheduled to be completed within 12 months from the date of signing the Contract;
b) The Consultant will be located at MCIT main office -Kabul, Afghanistan;
c) The Consultant will report to the Director of Information Security Department of ICT Directorate of MCIT;
d) The Consultant will submit monthly Progress Reports on all the Tasks assigned to him, to the Director of Information Security Department and to the DG-ICT of MCIT.

Job Location:

Afghanistan

Qualifications:

1. Masters degree in information security will be preferred;
2. Must possess Professional Certifications such as CISSP, CEH, ISMS or Higher/Equivalents;
3. At least 5 years of experience in network and data security;
4. Minimum of 2 years of hands on technical experience in Cyber security, information assurance, and related technologies;
5. Must have Knowledge of industry standards, e.g. ISO 2700 series and other industry related security standards;
6. Prior experience with the utilization of Information Security tools NMAP, Ethereal, Web Inspect, etc. and manual techniques to exploit the vulnerabilities in the OWASP top 10 including but not limited to cross-site scripting, SQL injections, session hi-jacking and buffer overflows to obtain access to target systems;
7. Good understanding of systems design and analysis; Understanding of international policies and standards in areas of network securities; Understanding of Cisco platforms being used by the Government; Understanding of network security standards; Good understanding of computer hardware; Good understanding of server applications and operating systems; Understanding of international policies and standards in areas of computer networks and hardware;
8. Ability to perform network traffic forensic analysis, utilizing packet capturing software, to isolate malicious network behavior, inappropriate network use, or identification of insecure network protocols; Attack and Penetration experience in testing of internet infrastructure and web-based applications utilizing manual and automated tools;
9. Basic understanding of networks, including TCP/IP and network security concepts ;
10. Must be able to troubleshoot complex PC configurations ;
11. Computer literacy and ability to effectively use office technology equipment, IT tools;
12. A thorough knowledge of English is essential;
13. Good communication and interpersonal skills;

Job Keywords:

C3.6
This job is expired