Careers

General Description

An IT Security Analyst is responsible for ensuring corporate applications, systems, networks, and digital assets are adequately protected and mitigated against cyber threats and risks. He/she monitors the computer networks for security issues, install security software, and document any security issues or breaches found. He/She will help lead cybersecurity and risk management efforts within the Group.

Key Responsibilities

• Manage endpoint protection solution, monitor IT Security alerts and escalate issues as needed

• Install security measures and operate software to protect systems and information infrastructure, including firewalls, IPS/IDS, Anti-malware and data encryption programs hosted onsite or in the cloud.

• Develop and maintain IT Security policy, procedure and documentation

• Perform routine IT Security assessments such as Vulnerability Scan and Penetration Testing and track remediation status of detected vulnerabilities to maintain a high-security standard.

• Conduct readiness preparation for internal and external IT Security audit

• Prepare security reports and dashboard as per routine schedule

• Adhere to IT Security best practices, compliance and regulatory requirements, e.g. OSPAR, MAS TRM, PDPA, ISO 27001

• Research security enhancements and make recommendations to management.

• Stay up-to-date on information technology trends and security standards.

Job Requirements

• Good working knowledge of security risk management, security governance framework and compliance (IT Security Audit / log review), technical vulnerability management (vulnerability assessment, penetration testing), application security, security technologies (system hardening, IDS/IPS, firewall), security incident response and security assessment

• Knowledgeable of various standards and regulations (ISO 27001, PCI, NIST, CIS, OSPAR, MAS TRM etc)

• Hands-on experience with computer network penetration testing and techniques to identify and mitigate network vulnerabilities and explain how to avoid them.

• Understanding of patch management with the ability to deploy patches in a timely manner while understanding business impact.

• Strong  in-depth working knowledge and understanding of secure application development techniques (design and coding), Agile, DevSecOps and securing cloud technologies

• Hands-on experience at least 6 of the following IT Security Tools:

– Next Generation Firewall (e.g., FortiGate, Palo Alto, Cisco FirePower)

– Vulnerability and Penetration Testing (Tenable Nessus, Nexpose, Kali, Metaspoilt, SAST etc)

– Endpoint Protection (e.g., Symantec, Trend Micro, Sophos Endpoint)

– Email Security

– Data Loss Prevention (e.g., Sophos Symantec, ForcePoint, Digital Guardian)

– SIEM (e.g.ArcSight, Splunk, QRadar)

– Security and Log Monitoring (e.g. Darktrace, Zabbix, Nagios )

– Cloud Security (Azure, AWS)

– Cryptography and Public Key Infrastructure (PKI)

– Identity and Access Management (CyberArk, Zero-Trust implementation)

Qualifications

• Degree in Computer Science Computer Engineering or equivalent

• Professional security certifications (Security+, OSCP, CCSP, GPEN, CEH etc) preferred.