Health Safety Officer jobs in Malaysia

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia

Job Openings (B) Sr. Security Consultant, Threat & Vulnerability Management

Job Title : Sr. Security Consultant, Threat & Vulnerability Management

Job Description:

This role is an excellent opportunity in IT Security, ideally someone with strong technical IT security skills as a core competency. The secondary, non-technical skills would be a plus. An ideal person would be someone who is passionate about IT security and can act as a subject matter expert in all aspects of IT security. This person will carry a consultant mindset, ready to accept new challenges, and support IT security functions at a group level to serve global markets. This person is also required to have the ability to manage and implement IT security projects, bring forward fresh ideas to improve overall IT security maturity in the organization.

Job Responsibilities:

• Provide technical expertise required to carry out internal and external security assessment exercises.
• Perform vulnerability assessment, penetration testing, web and mobile application testing, source code review and wireless network assessments.
• Manage and participate in all stages of a Vulnerability Management including planning, scanning, tracking and remediation.
• Champion security research activities and planning required to carry out successful vulnerability assessment operations.
• Create and provide executive reports and presentations to non-technical audience, highlighting outcomes of security assessment exercises, recommendations and remediation timelines.
• Work with external parties to coordinate and / or conduct security assessments.
• Support compliance objectives; to meet BNM and PCI-DSS standards.
• Define and develop agenda for training and educating security professionals on Application Pentesting.
• Improve, update and maintain SOP and Security Assessment Guidelines.
• Support VA related Operational Readiness activities required for new assets.
• Assist in on-going audit exercises and act as a pivotal person to handle audit inquiries coming from external auditors and business units
• Bachelor's degree in Computing/Information Technology or equivalent
• The incumbent should preferably have 3-5 years of experience in a Banking industry or similar environment, e.g. a demanding service industry where employees are able to work under pressure.
• 3-5 years' experience in at least three of the following:
• Network penetration testing and manipulation of network infrastructure
• Mobile and/or web application assessments Vulnerability Assessment
• Shell scripting or automation of simple tasks using Perl, Python, or Ruby
• Developing, extending, or modifying exploits, shellcode or exploit tools
• Developing applications in C#, ASP, .NET, ObjectiveC, Go, or Java (J2EE)
• Reverse engineering malware, data obfuscators, or ciphers
• Source code review for control flow and security flaws
• Be fluent with common security vulnerabilities, design and configuration flaws, and security best practices.
  
• Strong knowledge of tools used for wireless, web application, and network security testing.
  
• Experience with one or more security tools and products (Nessus, Qualys, Acunetix, Kali, Metasploit, Nmap, Burpsuite, etc.)
  
• Demonstrate proficiency in performing application security testing using both automated and manual approaches;
  
• Thorough understanding of network protocols, data on the wire, and covert channels.
  
• Mastery of Unix/Mac/Windows operating systems, including bash, and Powershell.
  
• Highly self-motivated and driven.
  
• Ability to act calmly and competently in high-pressure, high-stress situations and Standby.
  
• Ability to document and explain technical details in a concise, understandable manner.
  
• Strong presentation skills with proven ability to successfully interface with and influence at all levels (management, executive, technical staff and end user).
  
• Possess Any of the following security certifications: OSCP, OSCE, CISSP, CISM, GIAC (GXPN, GWAPT, GPEN, GMOB), CREST Certified Simulated Attack Specialist (CCSAS), CREST Registered Penetration Tester (CRPT)
  
• Strong oral and written communication skills in English are required.
  
• Ability to translate technical vulnerabilities into business risk terminology for business units and recommend corrective actions to customers and project stake-holders.