Senior/Associate Engineer (Cyber Security)

Responsibilities

• Review and development of security framework, information security policies, processes / procedures and guidelines on an ongoing basis.
• Work with vendor to conduct security assessments and penetration tests.
• Identify security gaps, perform threat risk assessments in current setup and propose mitigating measures.
• Standardize and refine security incident response and escalation processes.
• Mitigate and contain threats when detected.
• Escalate security incidents and non-compliances on a timely basis.
• Work with IT infrastructure team to evaluate, implement and enhance the network perimeter security, endpoint security, SIEM, secured remote access, MFA, Identity Access Management and Privileged Access Management.
• Monitor information security alerts triage, mitigate, and escalate issues as needed.
• Provide security advisory to end users on regular basis.
• IT Security Management of various aspects, e.g., network security, server security, application security, endpoint security, email security, physical access security, logical access security, etc.
• Keep abreast of industrial IT security advancements and introduce appropriate security enhancements to IT infrastructure and systems.
• Attend to any other reasonable duties as assigned by the Senior Cyber Security & IT Governance Manager and IT Director.

Requirements

• Degree in engineering, science or information technology, or equivalent education with 3-5 years of related work experience in cybersecurity management and security governance.
• Candidates with additional experience will be considered for the Senior Cyber Security Analyst position.
• Good working knowledge of security risk management, security governance framework and compliance (IT Security Audit / log review), technical vulnerability management (vulnerability assessment, penetration testing), application security, security technologies (system hardening, IDS/IPD, firewall), security incident response and security assessment.
• Strong understanding of ISO27001 standard.
• Hands-on experience with at least 4 of the following IT Security Tools:
  • Next Generation Firewall (e.g., FortiGate, Palo Alto, Cisco FirePower)
  • SASE (Zscaler, Netskope, Skyhigh)
  • Tenable Security Center Continuous View
  • Endpoint Protection (e.g., Symantec, Trend Micro, Sophos Endpoint)
  • Email Security (e.g., Mimecast, ProofPoint, Cisco Email Security)
  • Data Loss Prevention (e.g., Symantec, ForcePoint, Digital Guardian)
  • SIEM (e.g., Splunk, QRadar)
  • CyberArk PAM and IAM
• Understand Risk Management, Disaster Recovery, Business Continuity and IT Regulatory Compliance.
• Good command of written and spoken, excellent interpersonal and communication skills.
• Pro-active, independent, resourceful, able to work in a team environment and work independently with minimal supervision.
• Work well with all functional levels in the organization.
• CISSP, CISM, CISA or equivalent IT security certifications will be advantageous.
• Prior IT security consulting and/or IT Network experience will be advantageous.

All Successful candidates can expect a very competitive remuneration package and a comprehensive range of benefits.

We regret that only shortlisted candidates will be notified.