Incident Response Manager (National CSIRT)

October 23, 2024

Are you looking for a job that will contribute to empower Armenians to systematically improve their lives and wellbeing, provide opportunities for private enterprises to enhance competitiveness, ensure greater efficiency and good governance in public institutions, and enable the development and widespread use of personalized IT solutions built around the needs of everyday citizens? Then we have an exceptional opportunity for you!

We are now creating a strong team for the Information Systems Security Agency (ISAA). The concept of electronic identity in Armenia can strengthen and support the country in many ways. For this purpose, we are looking for an Incident Response Manager who will serve to protect national critical infrastructure.

We are growing and challenging ourselves to innovate, and we are seeking collaborators to co-create. Join us, and help build the next impactful solution for our country and citizens.

This role is a leadership position and requires both technical expertise and experience in 24/7 CSIRT operations. The selected candidate will lead a team of motivated cyber threat intelligence analysts and incident responders.

Responsibilities

  • Develop incident response policies, processes, and procedures aligned with industry standards (e.g., NIST, ISO 27001, EU NIS 2). Ensure that these guidelines are continually updated to reflect emerging threats and best practices in cybersecurity.
  • Establish the strategic direction for the CSIRT, ensuring long-term sustainability by aligning the team’s objectives with international cybersecurity frameworks (e.g., FIRST, TF-CSIRT). Foster collaboration with global counterparts and adopt a forward-looking approach to cyber resilience.
  • Plan and manage the CSIRT operational budget effectively, ensuring that financial resources are allocated to key areas like staff training, advanced cybersecurity tools, and incident response infrastructure. Provide cost-benefit analyses for proposed investments.
  • Lead and manage a team of incident response professionals, ensuring that all functions are discharged in line with established protocols. Implement continuous learning and development programs to enhance the team’s technical and operational expertise in incident response.
  • Facilitate regular CSIRT meetings, ensuring accountability across the team. Establish escalation procedures for major incidents and provide guidance on when and how to communicate findings to executive leadership.
  • Oversee the incident response handling, coordination, reporting and notification functions using advanced Information Sharing and Threat Intelligence Platforms. Continuously refine workflows to reduce response times and mitigate risks.
  • Deliver comprehensive project reports and documentation, ensuring that key performance indicators (KPIs) like MTTR and incident closure rates are clearly communicated. Ensure all reports meet the requirements of senior management and regulatory bodies.
  • Coordinate the CSIRT’s implementation activities, working closely with the project team to ensure all components of the CSIRT are operational. Manage the integration of new technologies and ensure seamless project execution.
  • Oversee task planning and assignment within the team, acting as the primary contact for all project-related issues. Ensure clear communication of responsibilities and provide necessary technical support to team members when challenges arise.
  • Collaborate with international CSIRTs and relevant organizations, fostering partnerships and participating in cross-border incident management. Ensure the CSIRT remains an active member of global cybersecurity networks.
  • Create performance reports for management, outlining the team’s operational efficiency, key metrics (e.g., incident response times, successful threat mitigations), and areas for improvement. Present findings in a clear, actionable format to support strategic decisions.

Qualifications

  • Master’s degree in Information Technology, Computer Science, Electrical Engineering, Management Information Systems, Management or a closely related field is required
  • Knowledge of and an active interest in: information security research, computer industry trends, telecommunications, virtualization, and mobile computing
  • Professional certification and/or training in one or more of the following: Computer Security, Computer Security Incident Response and Management, CISSP, CISM, ISO 2700 or BS 7799
  • Minimum of 6 years of mid- to senior-level working experience
  • 4 years of experience in the management of Information Systems
  • Working experience with an international or regional organization will be an asset
  • Interest in continuous education in the field of information technology as well as tracking current trends.
  • Knowledge of risk management, enabling the early recognition of risks so that they can be averted at an early stage
  • Ability to approach management processes analytically and to solve problems as they arise
  • Strong communication skills with a proven ability to understand key concepts and communicate with technical staff and senior management
  • Organizational talent
  • Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions
  • Knowledge of cyber defense and information security policies, procedures, and regulations
  • Skill in protecting a network against malware (e.g., NIPS, anti-malware, restricting/preventing external devices, spam filters)
  • Knowledge of incident categories, incident responses, and timelines for responses
  • Knowledge of incident response and handling methodologies
  • Skill in performing damage assessments
  • Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
  • Skill in securing network communications
  • Skill in using security event correlation tools
  • Knowledge of network services and protocols interactions that provide network communications
  • Knowledge of OSI model and underlying network protocols (e.g., TCP/IP)
  • Knowledge of cloud service models and how those models can limit incident response
  • Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks)
  • Knowledge of cyber attackers (e.g., script kiddies, insider threats, non-nation-state sponsored, and nation-state sponsored)
  • Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks)
  • Knowledge of malware analysis concepts and methodologies.

To apply for the position, applicants must send their CV to hr@isaa.am