Well-established public enterprise
• Support SP3d Information security work streams such as security analytic through Splunk, secure code review through HP Fortify, application whitelisting through MS Applocker, anti-virus for non-production through Trend Micro Deep Security
• Perform technical advisory in assigned project area for ensuring identified information security risks are mitigated and controls are implemented.
• Coordinate and conduct IS assurance activities on application software and code review to identify security exposures.
• Support and advise IT colleagues on remediation efforts.
• Coordinate and implement various security solutions and security controls.
• Support and advise IT colleagues on risk treatments.
• Work with IT teams in adopting secure programming practices throughout the system development lifecycle; and work with application and technology architects to assess the risk and impact to business of existing and future business applications implementations.
• Ensure new security solutions are setup timely while meeting club’s standard
• Ensure network security control are fully implemented and align with club’s standard
• At least 3 years working experience in IT industry with 1 year experience of information security
• Good understanding of information security, system audit, and risk management which integrated into application development lifecycle.
• Qualified professional certifications such as CISSP, CISA, CEH, CSSLP or their equivalent.
• Excellent analytical skills and ability to present technical information and statistics to enable management to make sound decisions.
• Good knowledge of security incident and event management, web, mobile and enterprise application infrastructure and design. Good understanding of data analytics and visualization
• Excellent analytical skills and ability to present technical information and statistics to enable management to make sound decisions.
• Knowledge and experience of Windows, Linux, AD, Group Policy, Network, Firewall, Splunk, Applocker and Trend Micro Deep Security
• Knowledge of vulnerability scanners, security testing tools and methodologies would be desirable.
• Knowledge of programming language such as C, Java or system scripting would be an advantage.
• Knowledge and experience of application penetration test
• Experience of source code review and knowledge of OWASP Top 10 vulnerability scanning would be an advantage.
