A great opportunity to work as a Security Operations Lead in providing security consultancy and architecture review to application teams for new projects and enhancement, to respond promptly and decisively against security threats, conduct vulnerability assessment, and implement improvement programs.
- Degree in Information Technology, Computer Engineering, Computer Science Or Information Systems;
- At least 6 years of working experience in managing, maintaining and supporting IT infrastructure operations & hosting environments;
- Experience in security tools such as BurpSuite, Qualys, Appscan, Fotify, Solarwinds, Nessus, Nexpose, Tripwire;
- Knowledge of security best practices, secure coding practice guidelines, IM8, OWASP, CoBIT framework, ISO 27001/2, MAS TRM Guidelines;
- Good experience and expertise in Stakeholder management, Vendor management, Incident & Change management, Risks and Issue Management;
- Keen interest and knowledge on cyber security technologies and malware analysis;
- Strong leader with strong interpersonal and communication skills.
- IT Security certifications, such as CISSP, CRISC, CSSLP, CEH;
- Lead in defining and implementing of the secure infrastructure for the organisation to support the enterprise-wide network and platforms;
- Responsible for the technical design and security baseline specific to security for the infrastructure elements (Server, Database, Networking, Wireless infrastructure, Applications);
- Responsible to provide security consultancy and architecture review to application teams for new projects and enhancement;
- Conduct Penetration Test, Source Code Vulnerability Assessment and Vulnerability Assessment (VA);
- Responsible to conduct vulnerability assessment using commercial and open-source hosting-scanning tools, network-scanning tools, application and database vulnerability assessment tools;
- Identify security gaps, perform threat risk assessments and propose mitigating measures as well as security improvement programs;
- Participate in incident response lifecycle that includes performing assessment of current infrastructure defences against identified threats and proposing mitigating measures;
- Partner with various vendors on evaluation of security technologies including laboratory setup and proof-of-concepts;
- Provide consolidated executive dashboards, presentation and communication decks on various security assessments and industry updates.