Tech Security Engineer - SIEM
Taguig, Metro Manila, Philippines
Cobden & Carter International
Cobden and Carter International are experts in providing the Talent Solutions required for organizations to sustain and succeed in a competitive world. We are a network of experienced Executive Search, recruitment and HR professionals spanning...
Job Description
The Tech Security Engineer will be responsible for implementing, maintaining, and continuously improving security measures to protect CIMB PH's digital assets and information systems. This individual will play a vital role in the following areas.
Ensuring Compliance
- Ensuring compliance with CIMB's minimum baseline security configuration and with industry standards such as ISO 27001, PCI-DSS and the NIST Cybersecurity Framework, as well as related regulatory guidelines.
Managing the security technology platforms
- Deploying, configuring and maintaining security technologies
Performing operational procedures
- Ensuring the confidentiality, integrity, availability, and optimal performance of security platforms supporting business-critical systems.
Mitigating security risks
- Conducting threat assessments, vulnerability scans, and incident response activities to identify and address security threats.
Conducting security assessments
- Assessing the security posture of security platforms and recommending improvements.
Contribute to the design, development and implementation of security solutions and platforms
Security Architecture
- Contribute to the design and implementation of security architectures, ensuring that systems and applications meet industry best practices and regulatory standards.
Security platform development
- Participate in the development and deployment of security platforms, including firewalls, intrusion detection systems, and vulnerability management tools.
Continuous improvement
- Work collaboratively with development, operations, and other teams to ensure that security is integrated into the software development lifecycle.
This role will specialize in Data Loss Prevention, Endpoint/Xtended Detection and Response, Security Incident Event Management, User Access Management, Privilege Access Management and other security platforms as needed.
Responsibilities:
Security Compliance:
- Ensuring compliance with industry standards such as ISO 27001, PCI-DSS and the NIST Cybersecurity Framework, and with related regulatory guidelines
- Ensuring compliance with the CIMB IT Security standard and adherence to the minimum baseline security configuration
- Verify that all IT assets (e.g. servers, workstations, network devices) adhere to the minimum baseline security configuration, at the established frequency.
- Report on and monitor progress of adherence to the minimum baseline security configuration
- Collaborate with both internal and external teams to implement the required security compliance controls and best practices so as to adhere to CIMB IT Security standards.
- Contribute to the development and enforcement of security policies, standards, and procedures
Security Platform (Design, Build and Operate)
Data Loss Prevention (DLP)
- Design, implement, and manage DLP solutions to prevent unauthorized disclosure or loss of sensitive data.
- Develop and enforce policies for data handling and classification.
- Monitor and analyze data and network traffic for potential data security incidents.
- Collaborate with cross-functional teams to integrate DLP measures seamlessly into existing systems.
Endpoint/xtended Detection and Response (eDR/xDR)
- Design, implement, and manage eDR/xDR solutions for detection and response
- Evaluate eDR/xDR platforms on their capabilities, compatibility and cost-effectiveness
- Define data collection and correlation rules to identify potential threats.
- Deploy and configure eDR/xDR agents and sensors across the organization's infrastructure (internal/external).
- Integrate eDR solutions with existing security tools and systems.
- Ensure data privacy and compliance with relevant regulations.
- Monitor eDR/xDR systems for performance and effectiveness
- Assist in the investigation of and response to security incidents.
- Partner with SOC/CERT Team to establish incident response workflows and playbooks.
- Develop and maintain custom rules and playbooks to automate threat detection and response.
- Fine-tune eDR/xDR rules and playbooks based on evolving threat landscapes
- Manage and update eDR software and configurations.
- Provide training and support to security analysts and incident responders.
- Measure the effectiveness of the eDR/xDR solution and make necessary adjustments.
Security Incident Event Management (SIEM)
- Design, implement, and manage SIEM solutions to prevent unauthorized disclosure or loss of sensitive data.
- Develop and enforce policies for data handling and classification.
- Monitor and analyze network traffic for potential data security incidents.
- Collaborate with cross-functional teams to integrate DLP measures seamlessly into existing systems.
User Access Management (UAM)
- Oversee the provisioning and de-provisioning of user accounts and access rights.
- Implement and enforce access control policies in accordance with security best practices.
- Conduct regular access reviews and audits to ensure compliance with security policies.
- Provide user education and support on access management processes.
Privilege Access Management (PAM)
- Implement and manage PAM solutions to control and monitor privileged access to critical systems.
- Define and enforce policies for privileged account usage and access.
- Conduct regular privileged access reviews and audits.
- Work closely with IT and system administrators to secure and manage privileged accounts.
Security Architecture
- Collaborate with the security architecture team to integrate DLP, SIEM, eDR/xDR, PAM, and UAM solutions into the overall security framework.
- Respond to and investigate security incidents related to data breaches, unauthorized access, or policy violations.
Policy Development
- Contribute to the development and enhancement of security policies and procedures related to the minimum baseline security configuration, DLP, SIEM, eDR/xDR, PAM, and UAM.
Collaboration:
- Work closely with IT teams, system administrators, and other stakeholders to implement and maintain security measures.
Security Awareness and Training:
- Conduct security awareness training for employees to promote a culture of cybersecurity.
- Provide training and awareness programs to educate employees on security best practices and compliance with access management policies.
Documentation:
- Maintain accurate and up-to-date documentation of security configurations, incidents, and response activities.
Requirements:
Education
Bachelor's or master's degree in computer science, Information Technology, Cybersecurity, or a related field.
Professional Certification & Licenses
- Professional security certifications such as Security+, CISSP, CISM, or CISA are highly desirable.
- Other security certifications related to platforms such as Cloud, SIEM, DLP and eDR/xDR are highly desirable.
Work Experience
- Proven experience (> 5 years) in technology security roles, with a focus on DLP, SIEM, eDR/xDR, UAM, and PAM.
- In-depth knowledge of security configuration, security controls, security protocols, encryption techniques, and access control measures.
- Familiarity with industry standards and best practices in data security.
- Strong analytical and problem-solving skills.
- Excellent communication and collaboration abilities.
Knowledge Areas
- As required in the Key Responsibilities
Competencies/Skills
- As required in the Key Responsibilities
Personal Attributes
- He/she must be fit and proper for the position, and in this regard, the following shall be considered:
- Integrity/probity,
- Physical and mental fitness,
- Competence,
- Relevant education and financial literacy training,
- Diligence, and
- Knowledge/experience.
- He/she must be a member in good standing of the relevant industry, business or professional organization.
- Proven ability to establish internal and external relationships across all levels
Work Setup:
Shift: Dayshift
Setup: Hybrid
Location: Taguig
By Applying, you give consent to collect, store, and/or process personal and/or sensitive information for the purpose of recruitment and employment may it be internal to Cobden & Carter International and/or to its clients.