JAZZ – Technology
As one of the leading employers in the country, Jazz epitomizes the philosophy that each Jazz employee is passionately living a better every day inspired and enabled by visionary leadership, a unique professional culture, a flourishing lifestyle, and continuous learning and development.
Our Team & You
As one of the largest private sector organizations in Pakistan, our objective is to continue to change the lives of our 59 million+ customers for the better. This is an opportunity for someone who wants to be part of something transformative, someone who can play a critical role in driving our success. Together, we can empower millions more with the tools necessary to progress in an increasingly digital economy.
What the first 30-60-90 days in the job will look like?
-Within 30 days you will:
Attend and graduate from our company-wide on boarding process along with a detailed orientation program where you will learn about Jazz’s core values, business, and products
Meet the relevant stakeholders concerning your team
Develop understanding of your division, function, its structure, and your role within the team.
Develop understanding of information security policies and procedures.
-Within 60 days, you will:
Get to know your relevant stakeholders e.g. business, infrastructure, commercial, finance and fraud management.
Get to know the SOC systems and processes.
Perform Level 2 SOC activities.
-Within 90 days to onwards you will:
Perform monitoring of all L1 activities.
Develop and maintain SOC processes and playbooks
Involved, investigating information security / finance related incidents and identifying loopholes in impacted system/application
Become a leading member of incidence response team.
Suggesting information security recommendations to all stakeholders
A Bit About You:
We are looking for someone who is willing to deliver on challenging projects and has taken end to end responsibility of operating and managing a Security Operations Centre.Prior experience of banking / telecom industry will be an added advantage.
We are looking for someone who have BS/MS in Information Security/Information Technology and should have 4 years of experience having security monitoring and security incident management skills; these skills are key to meet the performance expectations for this role. Should have Excellent verbal and written communications skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences with Professional security certification.
This position will:
• Monitor Tier 1 SOC performance by investigating incoming events using JSOC-available tools ensuring Tier 1 event(s) are addressed in a timely manner using available reporting and metrics.
• Approve and, if necessary, further investigate Tier 1-escalated events.
• Mentor Tier 1 analysts to improve detection capability within the JSOC.
• Manage GSOC event and information intake to include gathering intelligence reports, monitoring ticket queues, investigating reported incidents, and interacting with other security and network groups as necessary.
• Serve as detection authority for initial incident declaration.
• Function as shift subject-matter experts (SMEs) on incident detection and analysis techniques, providing guidance to junior analysts and making recommendations to organizational managers.
• Drive and monitor shift-related metrics processes ensuring applicable reporting is gathered and disseminated per JSOC requirements.
• Conduct security research and intelligence gathering on emerging threats and exploits.
• Serve as a backup analyst for any potential coverage gaps to ensure business continuity
• Incident analysis, coordination & response
• Forensic artifact handling & analysis
• Malware & impact analysis
• Interfacing with senior management, activating the incident management team, establishing communications with appropriate team members and business units, providing status updates.
• Reporting, tracking, monitoring, and closing out incident response issues.
• Interacting with internal business units to address incidents and support investigations.
• Establishing and maintaining a mature incident management program.
• This Tier 2 role maps to the following services
Direct Support (2nd line) Incident Response,
‘Active list’ monitoring 24/7 availability
‘JSOC Health Monitoring’ Escalation / Notification
A Bit About Us:
The Cyber Security team is part of the Technology Department within the Cyber Security, Governance & Technology Compliance Division. The team is responsible for managing Information Security portfolio at Jazz. The Cyber Security is responsible for end to end security of jazz that includes developing policy, procedures, application security, network security, system security, end point security, logs monitoring, vulnerability assessment, security awareness, incident detection and response.
The structure of the team you will join is:
· A 11-member team (including the department head) with responsibility of Cyber Security IT & Network planning and Governance, Applications Assurance and Security Monitoring & Incident Response
· You will be part of a 9-members team reporting to a Stream Head Cyber Security.
The two (02) main priorities of the team as a whole are:
· Strong Governance with effective reporting of security KPIs
· Monitoring of security incidents and incident response
To collaborate and produce effective business results, the role requires
Team work & collaboration.
Vision and strategic thinking.
The ability to build strong relationships with External Teams: Convinces to adapt secure coding practices and testing post application development to avoid frauds and prevent leakage of confidential information accordingly.
The ability to build strong relationships with Internal Teams: Elaborates the technical terminologies to explain the processes for application/system penetration for detection of viruses/bugs in the system.
The two (02) specific tasks that team was working on in the last 6 months with results.
Cyber Security Incident Management
Vulnerability assessment and penetration testing.
The three (03) must have past experiences the candidate should have.
BS/MS in information security/Information Technology
Practical experience of security monitoring SOC in banking / Telco sector
Incident management and threat hunting.
The 4 must have technologies the candidate should have.
Essential skills must have:
• Self-starter needs no or little supervision;
• Ability to organize, plan and document tasks;
• Possess good logical and analytical skills to help in analysis of Security events/Incidents which are not already documented
• Independent security event/incident analysis skills using SIEM tool;
• Must be able to update tickets using technical language/jargon which is concise and readable;
• Knowledge of latest Information Security threats and attacks based on information sources such as Web, technical manuals, etc.;
• Should have working experience with ITIL processes such as Incident, Problem, and Change Management, etc.;
• Working knowledge of the TCP/IP protocol stack and understanding of TCP/IP services (SMTP, DNS etc.) and port details (25, 53 etc.) of majorly used TCP/IP applications;
• Knowledge on information security frameworks like ISO27001;
• Up to date knowledge of Jazz’s network and security architecture, existing security policies, JSOC architecture and JSOC management methodologies;
• Knowledge/understanding of network devices (routers, switches etc.), applications (firewalls, NIPS etc.) and Operating Systems (UNIX, Linux, Windows);
• Skill in applying host/network access controls (e.g., access control list).
Last Date to Apply: 11th March 2020
Working at the VEON GROUP demands a high standard of business ethics and adherence to our legal obligations, our values and our Code of Conduct and supporting compliance policies and procedures. Our pioneering spirit is embodied in our values to be customer obsessed, entrepreneurial, innovative, collaborative, and truthful. Being truthful requires us to act ethically, honestly, and with integrity.