Assistant Manager, IT Security

Job Description:

IT Security

• Develop and implement application security processes, including identifying application security weaknesses, risk analyses, developing security strategies, and performing penetration tests/security assessment, 
• Align organizational security strategy with overall business and technology strategy
• Review and approve installation of firewall, VPN, routers, IDS scanning technologies and servers
• Respond immediately to security-related incidents and provide thorough remedial solutions and analysis 
• Identify security threats and risks in the operating environment, and in cooperation with the other teams, analyzes the network environment and its current state of security readiness
• Review risk assessment undertaken by the first line of defense to adhere to the company’s risk control over IT vendor/ partner
• Implement education program for user security awareness and security compliance

SecOps

• Responsible for security information and event management (SIEM), incident tracking, and threat intelligent
• Responsible for security operation automation using SOAR (Security Orchestration, Automation, and Response) for detecting vulnerability, threats and response automatically. 
• Constantly monitoring for attacks and intrusions.
• Analysis our current security measures to detect potential threats, recommending enhancements, identifying areas of weakness, and responding promptly to possible security breaches.
• Write/configure necessary scripts/ rules for vulnerability/ threats analysis and detection
• Support to prepare management updates on security risks, compliance to relevant local and group stakeholders.
• Looking for vulnerabilities and risks in hardware and software. Work closely with stakeholders to mitigate and fix within SLA.

Respond to and investigate cybersecurity incidents

• Investigate security breaches and other cyber security incidents. Document security breaches and assess the damage they cause.
• Analyze system logs, define attacking methods, collect attacker’s traces and start searching for suspect.
• Other tasks assigned by line manager.

Knowledge Skills and Experience:

• Bachelor’s degree in Computer Science, Network Engineer, Cyber Security or a related technical field.
• At least 3 years of working experience in information security or application security engineering
• Experience with incident management and response, web application penetration testing, vulnerability assessments and source code analysis
• Knowledge of web application development best practices and secure coding guidelines.
• Familiar with Security solutions such as SIEM and SOAR
• Knowledge of IT Security controls, TRM guidelines, standards ISO, CIS, NIST, OWASP is a plus