Senior/IT Analyst (Cyber Security)

The successful candidate will join the Team that is responsible in establishing and governing the software development and application support processes, ensuring compliant to the established policies and guidelines.

The successful candidate will have the opportunities to work on the following function(s):

Primary Function:

Responsible for Application Security, not limited to the following:

• Perform application security assessments—including SAST, SAC, DAST, and penetration testing—to identify vulnerabilities and ensure secure application development.
• Collaborate with development teams to integrate security requirements throughout the software development lifecycle.
• Establish, promote, and enforce secure coding standards and best practices.
• Develop, implement, and maintain security policies and standard operating procedures.
• Partner with infrastructure teams to embed security into infrastructure architecture and design.
• Design, develop, and maintain security monitoring tools, including integration with external APIs.
• Coordinate and conduct penetration testing and vulnerability assessments in collaboration with external vendors.
• Stay current with emerging trends, tools, and technologies in application security.
• Investigate application security issues identified by automated scanning tools or reported by the Security Operations Centre (SOC).
• Plan and execute phishing simulations and deliver security awareness training programs.

Secondary Function:

The team is also responsible for the following functions, and the successful candidate may be assigned to support these areas:

• Managing and configuring infrastructure security monitoring and vulnerability management systems.
• Assisting the Network team in identifying machines that have not been patched in a timely manner.
• Verifying the completeness of remediation actions reported by the SOC.
• Supporting incident response efforts in collaboration with vendors to contain and eliminate threats.
• Identifying vulnerabilities in end-user devices and mitigating risks from potentially malicious devices.
• Assisting in the preparation of quarterly management reports on organization's security posture.

Technical Requirements:

Tertiary education with working experience/knowledge in the following area:

• Understanding of the SDLC and agile process.
• Strong knowledge of web application security concepts such as OWASP Top 10, SAN25.
• Knowledge with security assessment tools such as Burp Suite, Rapid7, Scorecard, etc.
• Knowledge of programming languages such as Java, C#, Python, or Ruby.
• Knowledge of scripting languages such as PowerShell, Python, or Bash.
• Excellent communication and collaboration skills.
• Knowledge in Cloud technologies.
• Knowledge with containerization tools and orchestration (Docker, Kubernetes, Helm).

Other Requirements:

• Strong analytical and problem-solving skills.
• Organised and able to handle multiple projects concurrently.
• Collaboration with users, product owners and development teams to deliver solutions.
• Self-motivated to pick up skills required to support the project requirement.
• Must have good command of English written, verbal and presentation skills.
• Proactive, out of the box thinker, detail oriented with strong organizational, analytical and problem-solving skills.
• Self-starter, both a team player yet able to work independently and adjust to changing priorities, critical and strategic thinker, negotiator and consensus builder.
• Software engineer who has interest in Application Security can also apply.