AlamatPosition Summary:
Monitor, evaluate and assess our IT Security controls, policies, setup, and configuration for compliance.
Managing cybersecurity alerts or threats by performing profound threat analysis.
Duties & Responsibilities:
1. Monitoring Security Operations Center (SOC) alerts closely for any security issues.
2. Ensuring all tickets raised by SOC and CA internal IT Security ticket are responded and closed within committed service level.
3. Performing cyber threat analysis and investigation on any potential security breaches and other related cybersecurity incidents
4. Perform and manage vulnerability assessments on various scanning tools and ensuring all major alerts are remediated.
5. Evaluate and score IT Security assessment feedbacks from internal/external parties.
6. Review implementation design of all new and existing projects/applications and follow through with remediations.
7. Evaluate and assess cloud application security across various setup and instances.
8. Managing and monitoring Endpoint Detection & Response (EDR) tool in terms of endpoint compliance, alerts response, and policy configurations.
9. Ensuring endpoint devices (workstation/servers) compliance in terms of security and critical patches involving operating systems, standard/custom applications, and hardware firmware.
10. Participate actively in penetrations and vulnerabilities assessment exercise performed by external vendors.
11. Actively monitor and evaluate compliance of all IT Security tools configurations and policies.
12. Perform IT Security awareness training on scheduled basis to all CA community.
13. Broadcast relevant IT Security Bulletins and alerts to all members of CA on active threats and best practices.
14. Hands on experience in the field of DevSecOps and integrating security component into every part of Software Development Lifecycle (SDLC).
15. Evaluation of IT Security compliance into onboarding of new facility or services.
16. Engage in "ethical hacking" for example, simulating security breaches.
17. Maintain an information security risk register and assist with internal and external audits relating to information security.
Possess strong interpersonal, analytical and rationalizing skills.
Sound knowledge of computer systems and competent in Microsoft Office software.
Resourceful, independent, assertive, result-oriented, disciplined and a team player.
Willing to travel overseas.
Process own transportation.
1. Proven work experience as Information Security Analyst or similar role
2. Knowledgeable in AD, Azure Hybrid platforms and various other public/private cloud architecture
3. Added advantage with experience in healthcare industry related security best practices.
4. Specialize in hardening of network, IT infrastructure and cloud app security (including API gateway security)
5. Knowledgeable in Kubernetes (container orchestration system) architecture
6. Proficient with Windows, Linux, and other OS
7. Proficient in Microsoft Office Suite or related software.
8. Experienced with penetration testing and techniques.
9. Ability to identify and mitigate network vulnerabilities.
