IT Specialist -Data Security

Program  Background

The Government of Lebanon, with support from the international community, is implementing the Reaching All Children with Education (RACE) initiative. First launched in 2013, RACE seeks to improve access to formal education for 460,000 Syrian refugee children and underprivileged Lebanese children in the country. Efforts under this new phase of RACE 2 are expected to minimize the short and medium-term costs of displacement for refugee families while strengthening the long-term capacity of the Lebanese education system to prepare children for life and work once regional stability returns. MEHE, with the support of CERD, is responsible for implementing the S2R2 program.

Program  Objectives

The Program Development Objective is to promote equitable access, enhance the quality of learning, and strengthen the systems in Lebanon’s education sector in response to the protracted refugee crisis. The key results are as follows:

Increase in the proportion of school-aged Lebanese and non-Lebanese children (3–18) enrolled in formal education;

Increase in the proportion of students passing their grades, and transitioning to the next; and

Improvement in MEHE’s capacity to review, evaluate, and update Program implementation.

Under the S2R2 program, the Center for Educational Research and Development (CERD)

is looking for IT Specialist-Data Security:

Tasks and Responsibilities

The IT Specialist-Data security‘s mission is to maintain CERD’s technical unit. In particular, he/she will be responsible for:

1. Provide capacity building for CERD staff on IT topics.
2. Provide technical recommendation and support on setting up the user interface and user rights.
3. mproving and enhancing the security of existing programs at CERD
4. Continuing hosting and maintenance of the CERD platforms, which would include applying security patches, clearing out log files, adding plug-ins enlarging disk space, sorting out security certificates and fixing bugs in the code.
5.  Support the front-line defence of networks, protecting information from unauthorized access and violations.
6.  Support CERD staff and build their skills and confidence to deliver the S2R2 related deliverables as well as their day-to-day duties.
7.   Work across LINUX, Windows platforms and technologies to design holistic security designs that treat identified risks and enable strategic and/or tactical business or IT solutions.

• 8. Recover deleted files; analyze and interpret data linked to crime; analyzes computer logs and mobile telephone records; and uncover links between events, groups and individuals through pursuit of data trails.

  9. Monitor information systems, computers and networks to detect cyber threats and respond to cyber threats and finally to remediate information security threats and vulnerabilities.

  10. Analyze and assess potential security risks, develop plans to deal with such incidents by putting measures in place such as firewall, IPS, SIEM encryption, monitoring and auditing systems for abnormal activity, and executing corrective actions.

  11. Apply broad-based knowledge of security technologies with an in-depth/specialized knowledge of security tools like Nmap, Open VAS, Snort, Wireshark. Kali Linux, etc. to perform daily tasks.

  12. Support CERD staff and build their skills and confidence to deliver the S2R2 related deliverables as well as their day-to-day duties.

  13. Perform other tasks related to the program objectives as assigned by CERD President or S2R2 Steering committee

  Deliverables

• IT Security audit report and an action plan to improve IT security, including organizational, infrastructure and application security levels.
• The requirements and technical specifications for the security solutions
• Report on the implementation of security solutions, especially open source.
• Reports on vulnerability and intrusive application and network tests
• The dashboard on the follow-up of the action plan and reporting on the implemented actions to improve IT security
• Awareness actions on user security

  Reporting

  All reports should be submitted to S2R2 Steering Committee and the Technical Unit

  according to the scheduled time frame, and dates will be communicated based on the contract signature date.

  CERD will provide templates for the required reports – to be submitted in English and

  Arabic – if needed.

  CERD owns property rights of all reports.

  Qualification Skills

• Research, analysis, and problem-solving.
• E-learning and online experience is a plus.
• Ability to write detailed scientific reports and documentation that include diagrams and charts.
• Experience in Business Process automation and Workflows is a plus.
• Strong skills in C++ or C#, .Net, PHP, and JS
• Excellent knowledge of MySQL and writing complex SQL queries.
• knowledge in LMS: administration, hosting services, integrator and courses developing, Interactive Web Designing.
• Knowledge of data Acquisition / Data Quality
• Knowledge of Cyber Security Datawarehouse - Hadoop

  Certifications:  ( At least 2 certifications among the following)
   

• Certified Ethical Hacker (CEH) 
• Professional (CISSP)
• Certified Ethical Hacker (CEH)
• CompTIA Security+
• Certified Information System Security Professional (CISSP)
• Certified Information Security Manager (CISM)

Languages

1.   Excellent written and oral communication skills in both English and Arabic.

2.   French is a Plus.

Previous Experience

• 1.  Having at least five years of experience working daily with network or host-based
• threat-detection technologies.
• 2. Supporting platform plugins, API integrations, and customizations.
• 3. Knowledge of networking technologies and protocols, including Ethernet, VLANs,
• TCP/IP and routing.
• 4. Experience with security technologies including Vulnerability Scanning, Firewalls & Log Analysis, Host-based detection tools, Security Event and Incident Management (SEIM), Antivirus, Network Packet Analyzers, malware analysis and forensics tools.
• 5. Experience in analyzing audit logs, router logs, firewall logs, IDS logs and TCP/IP headers.
• 6. Improve the target state operating model, data governance, organization and roles and responsibilities to sustain the recommended changes
• 7. Previous security analyst experience - monitoring, investigating, alerting and reporting security threats

Behavioural Skills

1.   Strong communication skills

2.   Good organizational skills

3.   Good time management

4.   Must be pro-active and a self-starter as this position requires a lot of