Job Description
1. Incident Detection and Response:
a. Monitor and analyse security events and alerts to identify potential security incidents.
b. Investigate and assess the nature and severity of security incidents.
c. Develop and implement incident response procedures to mitigate risks and minimize impact.
d. Work with relevant team members to ensure timely and effective incident resolution.
2. Vulnerability Management:
a. Review regular vulnerability assessments and penetration testing results.
b. Identify and prioritize vulnerabilities based on their severity and potential impact.
c. Work with system administrators and developers to address vulnerabilities.
d. Implement and maintain vulnerability management tools and processes.
3. Security Monitoring and Analysis:
a. Monitor security logs and systems for potential security breaches.
b. Analyse network traffic and system logs to identify suspicious activities.
c. Provide real-time monitoring and analysis of security events.
d. Provide information or summary of the reports on security incidents, trends, and vulnerabilities.
4. Security Policies and Procedures:
a. Review and ensure systems and processes are align and comply with updated security policies (IM8), standards, and procedures.
b. Ensure compliance with industry best practices.
c. Provide guidance and support to team members regarding security policies and procedures.
5. Security Tools and Technologies:
a. Implement and manage security tools and technologies.
b. Administer security systems such as *firewalls, *intrusion detection systems, and antivirus software.
c. Conduct research on emerging security technologies and recommend improvements.
d. Maintain up-to-date knowledge of security threats and countermeasures.
6. Risk Management:
a. Perform risk assessments to identify potential security risks and vulnerabilities.
b. Develop risk mitigation strategies and controls.
c. Monitor and report on the effectiveness of risk management activities.
d. Work with stakeholders to address and resolve security-related risks.
7. Security Incident Reporting and Documentation:
a. Document security incidents with their root causes and remediation actions.
b. Prepare incident reports for management and stakeholders.
c. Maintain accurate and comprehensive records of security incidents.
8. Collaboration and Communication:
a. Work with cross-functional teams to address security-related issues.
b. Communicate effectively with technical and non-technical stakeholders.
c. Provide guidance and support to IT teams on security-related matters.
d. Participate in security incident response drills and exercises.
Requirements
- Tertiary education (Degree or Diploma) in relevant field is preferred.
- Minimum 4 years of relevant experience required.
- Relevant web application experience.
- Identify app security lapses in a system and mitigation methods.
- Familiar with technologies like SAST, DAST or IAST.
- Familiar with security testing tools like Burp, ZAP, Nessus, Fortify SCA, CheckMarx, etc.
- Define app security practices for one or multiple systems/applications.
- Analyse scan results and address possible app security loopholes and threats.
- Anticipate and prepare for the next evolution of app security testing trends.
- Develop techniques to ensure development teams find flaws before they are introduced into production.
- Lead software security initiatives, eg bug bounty program.
- Oversee the security posture of web applications.
Khaty Zainal
Registration No. R22111204
