Responsibilities

  • Keep abreast of Information/Cyber Security landscape and work with industry to evaluate potential security solutions, including product evaluations, pilots and proof of concept
  • Review system design to identify IT Security risks and provide mitigation measures- Develop and maintain Baseline Security Standards (BSS) for servers, databases, network devices and monitoring tools
  • Conduct periodic BSS compliance assessment against servers, databases, network equipment and monitoring tools
  • Conduct Penetration Test, Source Code Vulnerability Assessment and Vulnerability Assessment (VA)
  • Review threat intelligence reports to identify threats and take appropriate actions to improve the security posture
  • Assist Technical Project Manager to manage the implementation and operation of Information Security projects.

Requirements

  • Bachelor Degree in Computer Science or System Security and related studies.
  • Minimum 5 years of relevant experience in area of IT security and network domains: VPN, firewall, network/user authentication, intrusion detection, disk/file encryption, vulnerability assessment/mitigation, risk assessments, platform hardening, network switches and routers
  • Experience in conducting security assessments using commercial and open-source host-scanning tools, network-scanning tools, application and database vulnerability assessment tools
  • Good knowledge of industry best practices and frameworks pertaining to IT Controls (IM8, MAS TRM Guideline, ISO27001/2 etc.)
  • Preferably has experience in two or more of the following tools: (BurpSuite, Qualys, AppScan, Fortify, Solarwinds, Nessus, Nexpose, Tripwire etc.)
  • Preferably possess one or more appropriate IT security certifications, such as CISSP, CISM, CRISC, CEH, OWASP, GPEN, GWAPT, OCSP, CSSLP
  • Excellent interpersonal, presentation and communication skills.