Senior Security Engineer

Our client is actively searching for a Senior Security Engineer to join their team!

If you are a dynamic individual seeking a new career opportunity, read further!

The responsibilities of this role are:

IT Security Management

• Responsible for Cybersecurity compliance in accordance with Cybersecurity Act requirements for of Entities of Special Cybersecurity Interest (ESCI) and maintaining MOE's security posture for IHL as well as providing related updates & reports
• Assist in IT Security policy formulation, management, and planning. Develop the security strategy suited for the University
• Assist in developing and implementing IT Security policies and related procedures to protect University's IT infrastructure as well as communicate these policies within the University
• Evaluate and recommend security policy, or technologies to address ongoing IT security threats and trends
• Communicate key security developments and activities to IT management, including escalations of security matters, proposing solutions or recommendations
• Educate, demonstrate and create awareness to both IT and Non-IT staff on the security area.

IT Security Project and Consultancy

• Responsible for managing new IT Security projects following set project management methodology, liaising with the respective stakeholders to ensure proper completion of project deliverables, and regular communication within the team and its business owners
• Responsible for managing IT Security projects for existing infrastructure that include enhancements and new system implementation to be delivered within project timelines
• Assist Head of Digital Infrastructure and Head of Cybersecurity in managing all IT Security tasks and projects ensuring the proposals, objectives and plans are properly evaluated and executed successfully
• Work with other team members and other departments to support and provide consultancy on IT security related issues
• Provide technical security consultation and integrate standard security practices such as COBIT, ITIL, NIST, ISO27001/2 and ISO17799 into operations and development environment.

IT Security Operations

• Responsible for cybersecurity infrastructure monitoring to detect and investigate anomalies, ensuring the University remains secure and protected at all times
• Work with Digital Infrastructure teams to ensure that daily IT Security operation running smoothly.
• Assist in managing and handling of all IT security incidents
• Assist in security assessments, security forensics, incident management of requested or planned IT implementations such as identifying and classifying risks, threats, vulnerabilities in relation to SMU's IT security policies
• Advise and review application security design to detect potential security issues design and implement cloud security measures.
• Perform daily IT Security related operations support for IT Security systems as well as liaising with vendors on all IT Security related Infrastructure matters
• Stay informed on emerging IT security trends and newly discovered system and network vulnerabilities and provide timely advice to the relevant system administrators.
• Keep abreast with the latest IT Security technologies, methodologies, news and warnings.

Audit ( ISO27001 & NIST )

• Work with Internal and External auditors to facilitate auditing of IT and manage the resolution of findings when required
• Conduct random audits of IT equipment including controls on servers, network and workstations when required
• Conduct vulnerability assessment, penetration testing and risk assessment using various scanning and penetration tools when required
• Alignment ISO27001, Cyber Trust and NIST framework as per MOE requirement.

The ideal candidate will need to have the following qualities and experience:

• Degree in Computer Science or equivalent / IT background with at least 5 -7 years of relevant IT Security management experience
• A CISSP (Certified Information Systems Security Professionals) & CISM (Certified Information Security Manager) qualification and knowledge of ISO 27001/2 and NIST will be preferred.
• At least 5 - 7 years of relevant working experience in IT Security management such as roles in Security Operation Centre, detection engineering, threat management, as well as experience working with Security Information and Event Management (SIEM),Security Orchestration, Automation, and Response (SOAR) or Endpoint Detection and Response (EDR) technologies.
• Proven track record of delivering IT infrastructure & security projects involving cross-functional teams and/or matrix organizations with responsibility for budget, scope and schedule.
• Technically proficient with expertise and skills in incident response, digital forensics, malware analysis, threat intelligence, threat hunting, cloud security, vulnerability management and penetration testing.
• A CISSP (Certified Information Systems Security Professionals) and CISM (Certified Information Security Manager) qualifications with good knowledge of cybersecurity standards such as NIST, ISO 27001, Cyber Trust Mark, other cybersecurity best practices, and risk assessment with analytical skill.
• Sound knowledge in web application vulnerabilities such as OWASP Top 10, Cross-site Scripting, application security and SQL injections.
• Strong technology and common business acumen.
• A self-starter, always striving for excellence, innovative with service-oriented mindsets and initiative to improve processes.
• Attention to details and sound decision-making abilities.
• Independent, with initiative, positive attitude, and keen interest in exploring the areas of IT security.
• Good interpersonal verbal and writing skills.

An exciting career awaits the right candidate! Click Quick Apply to register your interest now.

All applicants CV will be treated with the strictest confidentiality. We regret to inform that only shortlisted candidates will be contacted.