IT Security Engineer

Location: Singapore, Singapore

Thales people architect solutions at the heart of the defence-security continuum. Interoperable and secure information and telecommunications systems for defence, security, and civil operators, are based upon innovative use of radiocommunications, networks, and cybersecurity. We are ground breaking new digital technologies such as 4G mobile communications, cryptography, cloud computing and big data for use in physical protection systems, and critical information systems. Thales established its presence in Singapore in 1973 to support the expansion of aerospace-related activities in the Asia-Pacific region. Throughout the last four decades, the company grew from strength to strength and is today involved in the primary businesses of Aerospace (including Air Traffic Management), Defence & Security, Ground Transportation and Digital Identity & Security. Thales today employs over 2,100 people in Singapore across all its business areas.

The Opportunity:

The Security Engineer helps to ensure the compliance of Thales’s solution to the "cyber-secured by design" motto. As such he/she will assist the Head Systems/IT Security in the implementation of security measures designed for Thales’ solutions. He/She may be tasked to oversee the design of security implementation relevant to his/her domain of expertise. He/She will also be required to provide guidance on the appropriate security solutions to use for tender proposals, and support bid managers in addressing the cyber-security concerns of their potential business leads. As an agile information security expert, you will also participate in the implementation of critical project security work packages.

Hence you will be expected to:

• Act as the security ‘partner’ of the agile project teams, for all question related to information security
• Contribute to information security strategy and agile security process improvement
• Ensuring fundamental requirements or state of art of specialty engineering is considered for solution element or component design and development.
• Contributing to formalization and implementation of allocated requirements to solution elements or components, to their interfaces and their verification criteria.
• Participates in solution integration and verifies that solution meets specialty requirements.

Responsibilities:

• Understand the security requirements and provide support for IT Security work packages in bids and projects
• Provide security consultancy to internal teams on their project’s/business opportunity’s security needs
• Perform security risk assessment for projects and systems and recommend appropriate mitigation measures
• Act as the technical point of contact on security matters for customers, responding to their queries and providing appropriate solutions
• Work with internal and external teams to successfully implement proposed security solutions such as host-based endpoint protection, network firewalls, SIEM, 2FA
• Perform security audit or review of a system to highlight gaps in security compliance
• Support projects’ service teams in daily operations for security such as firewall administration, OS patching, and managing security incidents

Requirements:

• Degree in Information Technology / Computer Science or equivalent
• Minimum five years’ experience in the IT Security domain
• Minimum 5 years of working experience in at least 2 of the following domains: (Application security, Network security, System security, Data security and/or Cloud security)
• Experience in securing large and critical systems is an added advantage
• Ability to work alone and in a team
• Good communicator and able to build mutually beneficial relationships with customers, partners and internal teams
• Readiness to work under time pressure and be able to adapt quickly to project demands

Technical skills:

• Technical hands-on expertise in firewalls, IDS/IPS, AV, IAM, or PIM preferred
• Strong knowledge of TCP/IP and network protocols, mobile technologies or virtualization will be advantageous
• Able to write simple shell scripts or Python/Perl scripts for security administration tasks
• Experience in secure system will be advantageous
• Good knowledge/experience in major Security Standards and Guidelines (ISO 27001, NIST, Common Criteria and/or IEC 62443).

Professional Qualifications:

• An internationally recognised professional security certification such as Certified Information Security Auditor (CISA) and/or Certified Information Systems Security Professional (CISSP) is a must and OSSTMM Professional Security Tester (OPST) and/or CREST Practitioner Security Analyst (CPSA) is good to have.

At Thales we provide CAREERS and not only jobs. With Thales employing 80,000 employees in 68 countries our mobility policy enables thousands of employees each year to develop their careers at home and abroad, in their existing areas of expertise or by branching out into new fields. Together we believe that embracing flexibility is a smarter way of working. Great journeys start here, apply now!