Job Description:
- Monitor, maintain and fine-tune existing network & security infrastructure: Endpoint Security, Next Generation Firewall (NGFW), Encryption, email and network proxy gateways, Microsoft 365, DLP etc.
- Monitor, analyze and response to Information Security Incidents by working across teams (e.g.: infrastructure, application, other departments, etc.)
- Prepare and document security hardening standard, security incident response plan & playbook.
- Collaborate with IT, engineering, production and QA team to ensure security practices are integrated into all systems and applications.
- Prepare documentation such as procedures and guidelines for security practices within the internal IT team, engineering and within OT environment.
- Implement, conduct external and internal vulnerability scans, network penetration tests and application security tests as required.
- With minimum supervision, generate reports from security tools, write incident reports, assessment-based findings, outcomes and propositions for further system security enhancement
- Support relevant projects, initiatives or security activities such as but not limited to security awareness programs, security incident response with relevant teams and security software deployments.
- Report on Security KPIs, vulnerabilities, non-compliance and other security exposures, including misuse of information assets and non-compliance.
- Conduct research, perform PoC to evaluate new emerging technologies and maintain up-to-date understanding of the latest threats, vulnerabilities, mitigation, industry best practices, regulations.
- Participate in projects involving IT systems, provide sound technical advice to ensure security principles are adhered to and provide support as needed.
- Other duties as assigned.
Job Requirements:
- At least 3 years’ experience in security operations centre (SOC) and cyber security incident response team (CIRT)
- A proven track record as an Information Security engineer collaborating with teams internationally
- Hands on experience with security technologies such as NGFW, Endpoint Security, DLP, Proxy, Secure Email Gateway, Active Directory, Identity and Access Management (IAM), Microsoft 65, etc.
- Hands on experience with the implementation, configuration, fine tuning, operations, and maintenance of security tools
- General knowledge of industry best practices on security hardening, OWASP, network security, security risk & management frameworks, national cybersecurity standards, ISO27001, etc.
- Team player and able to collaborate across diverse stakeholders to achieve security objectives
- Excellent communication, interpersonal and consultative skills
- Good problem solving and analytical skills and workshop facilitation skills
- Experience in working with high performance teams and understand the dynamics of international teamwork
- Ability to learn and understand new concepts quickly to keep up with new emerging technology
- It would be advantageous for you to have exposure to working directly for companies who have gone through extensive periods of change and / or a full-scale transformation programme in recent years.
- Data driven, with a continuous improvement mind-set acumen.
- Tertiary Education in Computer Science or related fields
- Experience in solutioning, architecting, implementing security solutions
- CISSP, GIAC, CEH or other security certifications would be good