Great opportunity to join a fast transforming and innovative organization as Information Technology (IT) Security Analyst to manage and mitigate information and security risks.
- Degree in Computer Science, Computer Engineering or Information System;
- At least 3 years of working experience in Information Technology (IT) Risk, Security and IT Systems Support environment;
- At least 2 years of manual hands-on penetration testing;
- Good programming experience in Python, Ruby, Bash, C or C++;
- Good knowledge of Data, System and Network Infrastructure security;
- Experience in performing IT Security Assessment , IT Audit and reviewing IT controls, framework, policies and standards;
- Experience in Security Monitoring, Patch Management, Hardening Review, Vulnerability Management;
- Experience in Application Security Tools (fuzzers, proxies, code analysis tools);
- Excellent communication, presentation, and advisory skills;
- Ability to work independently, manage stress and multi-task in a fast-paced environment;
- Proactive, motivated and independent.
- Certification in OSCP, CREST and GIAC;
- Experience in performing Data Collection and Digital Forensic investigation.
- Ensure IT System compliance according to Corporate Technology Risk Management policies and standards;
- Actively prevent destruction and improper disclosure of information through appropriate controls procedures;
- Mitigate risk, threats and criminal consequences to protect organization’s people, asset and information;
- Conduct basic forensic examination of hard drives, mobile devices and digital media containing sensitive data;
- Responsible to address and response to IT Security Related Incidents and Events;
- Perform Vulnerability Assessment, Penetration Testing, Platform Security and IT Security Monitoring;
- Risk assessment and its impact on technical and business;
- Perform external connections review and social engineering tests;
- Conduct periodic security access review (for privilege users);
- Develop and implement detailed security controls, test and evaluate the residual risks;
- Implement key risk indicators, provide regular reporting on IT risk and control;
- Identify regulatory changes and their impacts, implement the changes as necessary to ensure ongoing compliance.