Senior Security Engineer, Office of Integrated Information Technology Services

Singapore Management University is a place where high-level professionalism blends together with a healthy informality. The 'family-like' atmosphere among the SMU community fosters a culture where employees work, plan, organise and play together - building a strong collegiality and morale within the university. Our commitment to attract and retain talent is ongoing. We offer attractive benefits and welfare, competitive compensation packages, and generous professional development opportunities - all to meet the work-life needs of our staff. No wonder, then, that SMU continues to be given numerous awards and recognition for its human resource excellence.

• IT Security Management
  • Responsible for Cybersecurity compliance in accordance with Cybersecurity Act requirements for Entities of Special Cybersecurity Interest (ESCI) and maintaining MOE's security posture for IHL as well as providing related updates & reports.
  • Assist in IT Security policy formulation, management, and planning. Develop the security strategy suited for SMU.
  • Assist in developing and implementing IT Security policies and related procedures to protect SMU IT infrastructure as well as communicate these policies within SMU.
  • Evaluate and recommend security policy, or technologies to address ongoing IT security threats and trends.
  • Communicate key security developments and activities to IT management, including escalations of security matters, proposing solutions or recommendations.
  • Educate, demonstrate and create awareness to both IT and Non-IT staff on the security area.
• IT Security Project and Consultancy
  • Responsible for managing new IT Security projects following set project management methodology, liaising with the respective stakeholders to ensure proper completion of project deliverables, and regular communication within the team and its business owners.
  • Responsible for managing IT Security projects for existing infrastructure that include enhancements and new system implementation to be delivered within project timelines.
  • Assist Head of Digital Infrastructure and Head of Cybersecurity in managing all IT Security tasks and projects ensuring the proposals, objectives and plans are properly evaluated and executed successfully.
  • Work with other team members and other departments to support and provide consultancy on IT security related issues.
  • Provide technical security consultation and integrate standard security practices such as COBIT, ITIL, NIST, ISO27001/2 and ISO17799 into operations and development environment.
• IT Security Operations
  • Responsible for cybersecurity infrastructure monitoring to detect and investigate anomalies, ensuring the University remains secure and protected at all times.
  • Work with Digital Infrastructure teams to ensure that daily IT Security operation running smoothly.
  • Assist in managing and handling of all IT security incidents.
  • Assist in security assessments, security forensics, incident management of requested or planned IT implementations such as identifying and classifying risks, threats, vulnerabilities in relation to SMU's IT security policies.
  • Advise and review application security design to detect potential security issues; design and implement cloud security measures.
  • Perform daily IT Security related operations support for IT Security systems as well as liaising with vendors on all IT Security related Infrastructure matters.
  • Stay informed on emerging IT security trends and newly discovered system and network vulnerabilities and provide timely advice to the relevant system administrators.
  • Keep abreast with the latest IT Security technologies, methodologies, news and warnings.
• Audit (ISO27001 & NIST)
  • Work with Internal and External auditors to facilitate auditing of IT and manage the resolution of findings when required.
  • Conduct random audits of IT equipment including controls on servers, network and workstations when required.
  • Conduct vulnerability assessment, penetration testing and risk assessment using various scanning and penetration tools when required.
  • Alignment ISO27001, Cyber Trust and NIST framework as per MOE requirement.
• Any other duties as assigned.

• Degree or Diploma holder in Computer Science or equivalent / IT background.
• At least 5 to 7 years of relevant working experience in IT Security management such as roles in Security Operation Centre, detection engineering, threat management, as well as experience working with Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR) or Endpoint Detection and Response (EDR) technologies.
• Proven track record of delivering IT infrastructure & security projects involving cross-functional teams and/or matrix organizations with responsibility for budget, scope and schedule.
• Technically proficient with expertise and skills in incident response, digital forensics, malware analysis, threat intelligence, threat hunting, cloud security, vulnerability management and penetration testing.
• A CISSP (Certified Information Systems Security Professionals) and CISM (Certified Information Security Manager) qualifications with good knowledge of cybersecurity standards such as NIST, ISO 27001, Cyber Trust Mark, other cybersecurity best practices, and risk assessment with analytical skill.
• Sound knowledge in web application vulnerabilities such as OWASP Top 10, Cross-site Scripting, application security and SQL injections.
• Strong technology and common business acumen.
• A self-starter, always striving for excellence, innovative with service-oriented mindsets and initiative to improve processes.
• Attention to details and sound decision-making abilities.
• Independent, with initiative, positive attitude, and keen interest in exploring the areas of IT security.
• Good interpersonal verbal and writing skills.

Candidates who do not possess the stipulated qualifications but have relevant work experience may still apply. Remuneration and appointment terms shall commensurate with qualifications and experience. SMU reserves the right to modify the appointment terms where necessary.

Please note that your application will be sent to and reviewed by the direct employer - Singapore Management University