Background

The Ministry of Mines and Petroleum (MoMP) is responsible for managing Afghanistan’s mineral, oil, and gas resources. As the ministry modernizes its digital infrastructure and implements the Digitalization in its main office as well as provincial directorate, it faces growing cybersecurity threats to its enterprise network, servers, VoIP systems, and data repositories. The Cybersecurity Specialist will lead the assessment, enhancement, and protection of these systems to ensure their resilience, compliance, and reliability. The role also focuses on building internal capacity and institutionalizing robust security protocols aligned with national and international standards

Job Summary

The Cybersecurity Specialist is responsible for securing the organization's IT infrastructure, including the local network, server environment (DMZ), and VoIP systems, against cyber threats, data breaches, and unauthorized access. The role involves risk assessment, system hardening, incident response, and continuous monitoring, ensuring compliance with international security standards and regulatory frameworks.

Key Responsibilities

1. Network & Infrastructure Security (Based on ISO 27001, CIS Controls 1–6)

• Secure LAN components (switches, routers, firewalls, access points) through proper configuration, segmentation (VLAN), and network access control (NAC).
• Implement firewall and routing policies following the principle of least privilege.
• Enforce wireless security standards (WPA3), and segregate guest and corporate traffic.

2. DMZ & Server Security (Aligned with NIST CSF ID.AM, PR.AC, PR.IP)

• Harden and monitor servers in the DMZ; apply secure baselines and patch management.
• Deploy IDS/IPS and Web Application Firewalls (WAF) to monitor inbound/outbound traffic.
• Enforce TLS/SSL encryption for all external-facing services.
• Limit access using role-based access control and conduct vulnerability assessments.

3. VoIP Security (ISO 27001 Annex A.13 & A.9)

• Secure VoIP infrastructure against DoS, SIP fraud, and interception using VLANs, SRTP, and TLS.
• Monitor call traffic for anomalies and apply ACLs to restrict SIP/RTP access.
• Regularly patch VoIP hardware/software and apply secure configuration standards.

4. Data Protection & Loss Prevention (Aligned with ISO 27001 Annex A.8, A.10, A.12)

• Implement Data Loss Prevention (DLP) tools across endpoints, email, and cloud services.
• Ensure encryption of sensitive data at rest and in transit using industry best practices.
• Manage secure backup solutions with redundancy, versioning, and regular recovery testing.

5. Threat Monitoring & Incident Response (NIST CSF DE.CM, RS.RP, RS.CO)

• Use SIEM solutions for centralized log collection, event correlation, and threat detection.
• Lead incident response activities including investigation, containment, recovery, and reporting.
• Develop and test Incident Response Plans (IRPs) aligned with business continuity policies.

6. Compliance, Governance & Awareness (ISO 27001 A.7, A.18)

• Ensure compliance with regulatory standards (e.g., ISO 27001, GDPR, NIST).
• Maintain security documentation, access logs, and audit records.
• Conduct regular employee security awareness training and phishing simulations.
• Contribute to the development and enforcement of internal security policies and procedures

Qualifications

• five years of work experience required for a Bachelor's degree in Information Security, Computer Science and four years for a Master's degree in relevant fields
• Relevant certifications: CISSP, CISM, CEH, CompTIA Security+, or equivalent.
• 3+ years of experience in network and infrastructure security.
• Strong knowledge of firewall systems, SIEM tools, VoIP security, and ISO/NIST standards.

SUBMISSION GUIDELINE:

• Please send your CV and Cover Letter to the email address below no later than 06/16/2025at 4:00 pm.
• Please write in the subject line: “Cybersecurity Specialist (Network & Infrastructure Security)
• Note: Only Shortlisted Candidates will be contacted.

Submission Guideline: nta.recruitment@momp.gov.af