Application Security Lead Engineer / Manager, IT Security Operations

LOVE WHAT YOU DO? THERE IS A PLACE FOR YOU HERE!

Be part of our diverse and inclusive team.

Job Summary

The Application Security Lead Engineer/Manager  is responsible for ensuring the security of applications and services. This role involves leading efforts to secure application, conducting security reviews, drives security and penetration test and vulnerability remediation to meet security compliance according to corporate requirements.

Key Responsibilities

Risk Management:

• Understand and implement the corporate Risk Management Approach towards IT security.
• Serve as the 1st line of defense for proactive security discovery, the 2nd line for identifying security risks, and the 3rd line for governance of security risk posture.

Team Collaboration:

• Lead a team of IT Security engineers in managing security configuration, patch management, certificate management, firmware updates, firewall rules, and endpoint security.
• Provide guidance and support to IT teams on security best practices and remediation procedures.

Configuration Management:

• Develop and enforce guidelines for hardening security configurations on desktops, servers, and network devices.
• Manage firewall rules and develop policies to ensure compliance with standards.
• Policy Development and Compliance:
• Develop and maintain security policies, procedures, and guidelines to ensure industry compliance.
• Conduct continuous vulnerability assessments and ensure timely remediation.
• Validate security setups for system and user access, ensuring minimal rights and clear ownership of profiles/IDs.

Security Monitoring and Incident Response:

• Monitor and analyze security events and incidents.
• Participate in incident response activities, including working with cybersecurity team to coordinate with internal stakeholders and external partners as necessary.

Tool Implementation and Automation:

• Implement and manage security tools and technologies, including Rapid 7, SIEM, and SCCM.
• Automate firmware and certificate updates to minimize human intervention.

Vulnerability Remediation and Security Assessments:

• Collaborate with IT teams to identify and remediate security vulnerabilities.
• Conduct security assessments and penetration tests to identify weaknesses and recommend improvements.
• Promote secure and hardened configurations and security practices.

Industrial development and best practices:

• Stay updated on emerging security threats, vulnerabilities, and technologies through continuous learning and professional development.

Job Requirements

Education & Certification

• Bachelor’s degree in computer science, Information Security, or a related field (or equivalent work experience).
• Relevant certifications such as CISSP, CISM, CCSP, CSSLP, OSCP, or CEH are preferred.
• Knowledge of DevOpsSec and Security automation tools.

Experience

• Minimum 8 years of hands-on experience in IT Security Operations.

Technical Skills

• 5+ years of experience in application support, problem resolution, and root cause analysis.
• Proficient in ASP.NET, VB.NET, VB6, JavaScript, HTML5, JSON, Batch scripting, XML, .NET Framework 3.5+, Java.
• Proficiency in MS-SQL and Oracle RAC preferred.
• Experience with IIS web services and Windows services.
• Solid understanding of network protocols, operating systems, and IT infrastructure.
• Experience with security technologies: Firewalls/Proxy filtering, SCCM, Rapid 7, SIEM, EDR, Security Certificates, Encryption  Ciphers , IPS/IDS.
• Familiarity with industry standards and regulations (e.g., PCI DSS, ISO 27001).
• Strong analytical and problem-solving skills.

Other Prerequisites

• Promote secure and hardened configurations, security practices, and knowledge sharing and training to stakeholders.
• Excellent communication skills, both written and verbal, with the ability to convey technical subjects to less technical stakeholders.
• Ability to work independently and collaboratively in a fast-paced environment.
• Experience with Service-Now, ITIL, and service request, incident, problem, and change management.
• Enthusiastic with a strong desire to lead and drive results.

Marina Bay Sands is committed to building a diverse, equitable and inclusive workforce, providing equal opportunities as we grow our talent base to match our growth ambitions in Singapore. Our employees are committed to adhere to and abide by all rules, regulations, policies and procedures, including the rules of conduct and business ethics of the Company.