IDEMIA Public Security, a division of IDEMIA Group, is the premium provider of trusted biometric solutions that revolutionize public security and identity, travel and transport, and access control. Our solutions—designed using advanced security features and encryption technologies—enable our clients to build safer and fairer societies where people can live, interact, and move freely.
Role Purpose:
This specialist role requires technical expertise across multiple cybersecurity verticals and technologies to perform security risk assessments, security operations, and security architecture reviews that meet the cybersecurity and risk requirements of our proposed solutions.
Work with partners in the conduct and review of comprehensive security assessments and penetration tests for customer's ICT systems operating in on-premises and managed hosting environments.
Identify security and compliance gaps, perform threat risk assessments of the current setup, and propose mitigating measures.
Standardize and refine security incident response and escalation processes.
Develop and recommend appropriate mitigation countermeasures in operational and non-operational situations.
Collate data points from various stakeholders for security scorecard reporting and provide actionable insights.
Work with IT Infrastructure team to evaluate, implement and enhance the network perimeter security, endpoint security and hardening, SIEM, patch management, MFA, and Privileged Identity/Access Management (PIM/PAM).
Work with Software team in the conduct of SAST, DAST, Source Code Review, Software Composition Analysis, Secure Configuration Review, etc.
Monitor information security alerts, triage, mitigate, and escalate issues as needed on a timely basis.
Provide security advisory to stakeholders on a regular basis.
Manage various aspects of IT Security, e.g. network security, server security, application security, endpoint security, email security, physical access security, logical access security, etc.
Keep abreast of IT/OT security advancements and introduce appropriate security enhancements to customer's system implementations.
Travel to customer's sites on an ad-hoc basis for cybersecurity-related reviews and implementations.
Requirements
Degree or Diploma in engineering, science or information technology, or equivalent education.
Preferably 5 years of related work experience as a cybersecurity analyst/engineer.
At least 3 years of proven experience, specializing in the conduct of security assessments with expertise in tools, methodologies (e.g., OWASP, NIST, MITRE ATT&CK), and industry frameworks.
Good working knowledge of security risk management, security governance framework and compliance (IT Security Audit / log review), conduct of security assessment with CREST-certified third parties (vulnerability assessment, penetration testing, static application analysis, source code review, secure configuration review), application security, security technologies, security incident response.
Basic understanding of industry security standards such as NIST, ISO/IEC 27001/2, CIS Controls, PDPA. Knowledge of IM8 will be advantageous.
Proficient in at least 3 of the following IT security tools:
Next Generation Firewall (e.g., FortiGate, Palo Alto, Cisco FirePower)
Tenable Security Center
Endpoint Protection (e.g., Trellix, SCCM, Ivanti)
Data Loss Prevention
SIEM (e.g., Splunk, Elastic)
Python
Ansible