Senior Security Engineer

The Senior Security Engineer is responsible for strengthening the organisation's cybersecurity posture, ensuring compliance with cybersecurity regulations, and supporting the development and execution of IT security strategies, policies, and operations.

Responsibilities

• Develop, implement, and communicate IT security strategies, policies, and procedures.
• Evaluate emerging threats and recommend suitable security technologies and policy improvements.
• Provide security updates, reports, and advisories to IT management.
• Conduct cybersecurity awareness training for IT and non-IT staff.
• Lead and manage IT security projects, from planning to delivery, ensuring timelines and objectives are met.
• Collaborate with stakeholders, department teams, and management to support project execution.
• Provide technical security consultancy and integrate frameworks such as NIST, ISO 27001, COBIT, and ITIL.
• Monitor cybersecurity infrastructure, detect anomalies, and support daily security operations.
• Handle incident response, digital forensics, threat analysis, and security assessments.
• Review application and cloud security designs and recommend necessary controls.
• Work closely with digital infrastructure teams and liaise with vendors on security systems.
• Stay updated on new vulnerabilities, threats, technologies, and security trends.
• Support internal and external audits and manage remediation of findings.
• Conduct periodic audits on servers, networks, and workstations.
• Perform vulnerability assessments, penetration testing, and risk assessments.
• Ensure alignment with cybersecurity frameworks including ISO 27001, NIST, and Cyber Trust Mark.

Requirements

• Degree in Computer Science or related field with 4-8 years of IT security experience.
• Preferably certified in CISSP and CISM, with strong knowledge of NIST, ISO 27001, and cybersecurity best practices.
• Experience in SOC operations, threat detection, threat management, SIEM, SOAR, and EDR technologies.
• Proven ability to manage and deliver IT infrastructure and security projects across cross-functional teams.
• Strong technical skills in incident response, digital forensics, malware analysis, threat intelligence, threat hunting, cloud security, vulnerability management, and penetration testing.
• Solid understanding of web application security, including OWASP Top 10, XSS, and SQL injection.

To apply:

If you're interested to apply or find out more, please share across your CV or reach out to Chen Yi at [Confidential Information] for a discussion. Due to anticipated high volume of applications, we regret to inform that only shortlisted candidates will be notified.

Reg: R1876389

Lic: 16S8060