- Keep abreast of Information/Cyber Security landscape and work with industry to evaluate potential security solutions, including product evaluations, pilots and proof of concept
- Review system design to identify IT Security risks and provide mitigation measures
- Develop and maintain Baseline Security Standards (BSS) for servers, databases, network devices and monitoring tools
- Conduct periodic BSS compliance assessment against servers, databases, network equipment and monitoring tools
- Conduct Penetration Test, Source Code Vulnerability Assessment and Vulnerability Assessment (VA)
- Review threat intelligence reports to identify threats and take appropriate actions to improve the security posture
- Assist Technical Project Manager to manage the implementation and operation of Information Security projects.
- Bachelor's Degree in Computer Science or System Security and related studies.
- Minimum 5 years of relevant experience in the area of IT security and network domains: VPN, firewall, network/user authentication, intrusion detection, disk/file encryption, vulnerability assessment/mitigation, risk assessments, platform hardening, network switches and routers
- Experience in conducting security assessments using commercial and open-source host-scanning tools, network-scanning tools, application and database vulnerability assessment tools
- Good knowledge of industry best practices and frameworks pertaining to IT Controls (IM8, MAS TRM Guideline, ISO27001/2 etc.)
- Preferably has experience in two or more of the following tools: (BurpSuite, Qualys, AppScan, Fortify, Solarwinds, Nessus, Nexpose, Tripwire etc.)
- Preferably possesses one or more appropriate IT security certifications, such as CISSP, CISM, CRISC, CEH, OWASP, GPEN, GWAPT, OCSP, CSSLP
- Excellent interpersonal, presentation and communication skills.