The Security Analyst reports to the AVP, Technology - Security. The Security Analyst is responsible for security operations of the security programmes across the Company. This includes security hardening standards formulation, security incident response, technical architecture review, as well as management of vendor-managed security services.
- Establish a security assurance framework and programme to identify the security level of IT systems
- Conduct automated and manual vulnerability assessments, penetration testing, code reviews and host configuration checks
- Vulnerability Management: Identify vulnerabilities in application and infrastructure systems, track and validate the closure of vulnerabilities, and provide reporting to management
- Manage security vendors including vendor selection, negotiation, engagement and evaluation
- Security Incident Management (Level 2)
- Vendor management of Managed Security Services (MSS)
- Develop hardening standards and perform compliance checks for servers, databases and network devices
- Conduct Penetration Tests, Application Source Code Vulnerability Assessments and Vulnerability Assessments (VA), and review and validate the assessment reports
- Review threat intelligence reports to identify threats and take appropriate preventive actions to improve the security posture
- Manage the implementation, deployment and operation of Cyber and Information Security projects
- Keep abreast of Information/Cyber Security landscape and work with industry to evaluate potential security solutions, including product evaluations, pilots and proof of concept
- Degree in IT or Computer Science
- Preferably possess one or more appropriate IT security certifications, such as CISSP, CRISC, CISM, CISA, CEH, GCIH, OSCP, CREST, CSSLP, GPEN, GWAPT, etc.
- Minimum 5 years of security experience in the areas of IT security and network domains: VPN, firewall, network/user authentication, intrusion detection, disk/file encryption, vulnerability assessment/mitigation, risk assessments, platform hardening, network switches and routers
- Preferably has experience in two or more of the following tools: Burp Suite, Qualys, AppScan, Fortify, SolarWinds, Nessus, Nexpose, Tripwire, SonarQube, etc.
- Hands-on experience in manual and automated security testing
- Good knowledge of security principles and technologies such as OWASP, SANS and enforcing security throughout SDLC
- Possess an operational attitude, security incident management knowledge and vendor management skills
- Self-motivated. Work well as a team player.
- Excellent interpersonal, presentation and communication skills.
Arvin Clark Sikat, Sombilla EA License No.: 02C3423 Personnel Registration No.: R1222536