Report to: IT Security Assistant Manager

Key Accountabilities:

1. Security Architecture and Implementation: Design and implement comprehensive security architecture to protect computer systems, networks, and sensitive information. Deploy and manage security technologies such as SIEM, SOC, IDS/IPS, Firewalls, Web Gateway, Endpoint Protection, WAF, DLP and NAC. Ensure continuous monitoring and adjustment of these measures.

2. Vulnerability Assessment: Plan and conduct regular vulnerability scans and penetration tests to identify security gaps. Evaluate results, prioritize risks, and implement remediation actions to address identified vulnerabilities and strengthen security defenses.

3. Threat Defense: Establish and manage robust defense mechanisms to protect IT infrastructure from unauthorized access, data breaches, modifications, and destruction. This includes continuously monitoring and defending against both internal and external threats.

4. Incident Response: Develop and maintain an incident response plan. Detect, assess, and respond swiftly to security incidents to minimize damage and prevent recurrence. Conduct thorough post-incident analysis to determine the root cause and impact and prepare detailed reports on security breaches and lessons learned.

5. Security Solutions Research: Conduct research to identify, evaluate, and recommend security solutions and technologies that address current and emerging threats. Analyze industry trends, security frameworks and best practices to ensure the organization adopts effective and up-to-date security measures.

6. Access Review: Periodically review user access (monthly or semi-annually) to ensure access controls are appropriate and align with security policies and best practices. Make necessary adjustments to access rights to prevent unauthorized access.

7. Risk Assessment and Mitigation: Conduct comprehensive Security risk assessments to identify potential vulnerabilities and threats. Analyze and prioritize risks, present findings to stakeholders, and develop and implement strategic mitigation plans to reduce risk exposure and enhance overall security posture.

8. Security Policy Development: Develop, review and continuously update cybersecurity policies and standards to ensure they align with industry’s best practices, compliance requirements, and regulatory frameworks at local, state, and federal levels. Establish guidelines for secure system configurations, incident response, user access and data protection.

Requirements:

• Bachelor’s degree in computer science, Information Systems, Cybersecurity, or a related field.
• Preferred certifications include CompTIA Security+, CEH or equivalent are highly preferred.
• At least 5 years of experience in Cybersecurity.
• Strong technical expertise with Endpoint Protection, Web Gateway, WAF, SIEM and SOC.
• General understanding of security frameworks such as ISO 27000, NIST, MITRE ATT&CK and PCI-DSS.
• Experience in incident response and risk mitigation is preferred.
• Strong analytical, communication, and collaboration skills with a commitment to continuous learning and adaptability.

Benefits:

• Competitive salary (100% salary during probation)
• Bonus: 13th-month salary and the performance-based bonus of up to 30% of the total annual package
• Full social insurance, personal accidental & health care insurance, group life insurance (death and dismemberment)
• Gifts for new comers and on special occasions
• Modern facilities in the spacious office
• 15 Annual leaves