The primary responsibility of the Governance Analyst is to perform duties in one or more of the following areas: vulnerability management, cyber data governance, risk and verification, cyber policy/standards/standard operating procedures development, and penetration testing and red teaming. All duties are to be performed in accordance with departmental and Las Vegas Sands Corp’s policies, practices, and procedures.
JOB SCOPE
- Triage potential vulnerabilities identified by application security program with context of application and related business knowledge.
- Ability to review and understand source code from both business logic to ensure code is free from security defects prior to production release. Identify false positives, tracking and remediating found issues, tracking and performing the exception processes when require.
- Communicate cybersecurity standards applicable to technology and coding workflows.
- Working with DevSecOps engineers, optimize security with existing technologies and processes.
- Review performance of controls such as SCA, SAST, DAST, IAST, RASP, Secrets Scanning, Container Scanning, Misconfiguration Identification, Secure Code Review, CI/CD Pipeline Security, and Deployment Environment Security.
- Cyber governance, risk and verification which performs risk assessments, system security and industrial control system zone security plans including listing controls, gaps in implemented controls and tracking remediation of gaps, and provides input to the risk register
- Penetration testing and red teaming which includes performing security testing to identify security vulnerabilities on LVSC applications and environment, providing recommendations for remediation, and tracking and remediating found issues.
- Cyber policy/standard and standard operating procedure creation, review, distribution, and maintenance
- Consistent and regular attendance is an essential function of this job.
- Performs other related duties as assigned.
JOB REQUIREMENTS
- Degree or Diploma with at least 2 - 4 years cyber security hands-on experience in one or more of the areas listed in place of a degree.
- Preferrable to have a current and in good standing CISSP, CSSLP or similar certification or Offensive Security (OSCP, OSWE, OSEP) or Crest (CRT, CCT) certifications
- Demonstrated experience in at least 1 area in the following list:Cyber Application Security Management
Cyber Vulnerability Management
Cyber Governance, Risk and Verification
Cyber Policy/Standard/Standard Operating Procedures
Cyber Penetration Testing and Red Teaming - Working knowledge of threats and vulnerabilities and their significance to cyber risk, application security, network operations, and end-point security
- Strong interpersonal skills with the ability to communicate effectively with guests and other Team Members of different backgrounds and levels of experience.
Marina Bay Sands is committed to building a diverse, equitable and inclusive workforce, providing equal opportunities as we grow our talent base to match our growth ambitions in Singapore. Our employees are committed to adhere to and abide by all rules, regulations, policies and procedures, including the rules of conduct and business ethics of the Company.