The TS Senior Security Engineer performs test activities and manages the internal or external customer independently. The Lead Technical Analyst is responsible for the customer satisfaction of the test deliverables and enables a smoothly running testing, validation or certification process. This includes using test automation tools, analyzing and validating test results and reporting to the customer. The Lead Technical Analyst participates in evaluating the security of IT products, such as network device, encryption software, mobile devices, payment terminals or e-Passports based on certain scheme requirement, such as Common Criteria, Cybersecurity Labelling Scheme, Common.SECC etc. This will include the development document review, IT products analysis, the development and the realization of penetration test, the support and training of evaluation engineers.
Responsibilities for Internal Candidates
- Support the Project Management team on evaluation scoping, resource requirements, certification body and customer expectations management.
- Conduct IT product security function evaluation work based on scheme requirement, such as Common Criteria, Cybersecurity Labelling Scheme, Common.SECC etc..
- Customer code review when needed : due to stringent confidentiality and security requirements, it often requires traveling to customer premises.
- Based on the code review result, conduct a vulnerability analysis to determine if the customer product has any potential security weaknesses.
- Customer site audit when needed : normally traveling to customer premises, conduct remote audit in current Covid situation.
- Investigate possible logical attack scenarios. Provide support for the penetration tester in charge of product testing – by interpreting the code review findings and compliance checking result, orienting the attack paths and analyzing the test results.
- Formal report writing in line with customer and certification scheme requirements.
- Delivery of customer projects on time.
- Maintain/improve technical knowledge by attending educational workshops, reviewing professional publications, obtaining applicable certifications and participating in professional societies and cross-departmental task forces.
- Contribute to internal work processes by improving tools to evaluate efficiency, report writing and technical training.
- Performs other duties as directed by supervisor.
- Maintains Laboratory accreditation and resolve scheme's mandated corrective action plans.
Qualifications for Internal Candidates
- Master or Bachelor level degree (or equivalent) in Information Technology, Computer Science or equivalent proving your analytical skills and technical approach.
- Minimum 5 to 8 years’ information security working experience, Common Criteria evaluation experience is the best and ISO 27001 auditing will be an advantage.
- Possess CISM / CISA Certification or related is an added advantage.
- COMMON CRITERIA SINGAPORE EVALUATOR (under SCCS) Certified is an added advantage.
- Comfortable in trying yourself in new areas without necessarily knowing everything and can figure out things as you go.
- Like working towards a larger goal and willing to take the initiative in your own hands.
- Good at communicating and can convey message to both technical and business audiences.
- Able to make decision independently under certain scenario, such as during site audit in customer site.
- Nice to have IT product development experience or penetration testing experience.
