Job Description
Date:
31 Jul 2023
Location:
Company:
General Description
An IT Security Analyst is responsible for ensuring that corporate applications, systems, networks, and digital assets are adequately protected, with cyber threats and risks mitigated. He/She monitors the computer networks for security issues, installs security software, and documents any security issues or breaches found. He/She will help lead cybersecurity and risk management efforts within the Group.
Key Responsibilities
Manage the endpoint protection solution, monitor IT Security alerts, and escalate issues as needed
Install security measures and operate software to protect systems and information infrastructure, including firewalls, IPS/IDS, Anti-malware and data encryption programs hosted onsite or in the cloud.
Develop and maintain IT Security policies, procedures and documentation
Perform routine IT Security assessments such as Vulnerability Scan and Penetration Testing and track remediation status of detected vulnerabilities to maintain a high-security standard.
Conduct readiness preparation for internal and external IT Security audits
Prepare security reports and dashboards on a routine schedule
Adhere to IT Security best practices, compliance and regulatory requirements, e.g. OSPAR, MAS TRM, PDPA, ISO 27001
Research security enhancements and make recommendations to management.
Stay up-to-date on information technology trends and security standards.
Job Requirements
Good working knowledge of security risk management, security governance framework and compliance (IT Security Audit / log review), technical vulnerability management (vulnerability assessment, penetration testing), application security, security technologies (system hardening, IDS/IPS, firewall), security incident response and security assessment
Knowledge of various standards and regulations (ISO 27001, PCI, NIST, CIS, OSPAR, MAS TRM, etc.)
Hands-on experience with computer network penetration testing and techniques to identify and mitigate network vulnerabilities, and the ability to explain how to avoid them.
Understanding of patch management with the ability to deploy patches in a timely manner while understanding business impact.
Strong in-depth working knowledge and understanding of secure application development techniques (design and coding), Agile, DevSecOps and securing cloud technologies
Hands-on experience with at least 6 of the following IT Security Tools:
– Next Generation Firewall (e.g., FortiGate, Palo Alto, Cisco Firepower)
– Vulnerability and Penetration Testing (Tenable Nessus, Nexpose, Kali, Metasploit, SAST, etc.)
– Endpoint Protection (e.g., Symantec, Trend Micro, Sophos Endpoint)
– Email Security
– Data Loss Prevention (e.g., Sophos, Symantec, Forcepoint, Digital Guardian)
– SIEM (e.g., ArcSight, Splunk, QRadar)
– Security and Log Monitoring (e.g., Darktrace, Zabbix, Nagios)
– Cloud Security (Azure, AWS)
– Cryptography and Public Key Infrastructure (PKI)
– Identity and Access Management (CyberArk, Zero-Trust implementation)
Qualifications
Degree in Computer Science, Computer Engineering or equivalent
Professional security certifications (Security+, OSCP, CCSP, GPEN, CEH, etc.) preferred.