Information Security Operation Engineer

As ASMPT continues its Digital Transformation Journey, we are looking for a highly motivated, experienced and hands-on technical Information Security Engineer.  The person plays an integral part in monitoring/responding to security threats, development, and implementation of information security tools & process across enterprise, focusing on security operation and ensuring security baseline across enterprise.

Job Description

• Monitor, maintain and fine-tune existing network & security infrastructure solutions: Endpoint Security, Anti-Virus, DLP (Data Loss Prevention), Vulnerability Scanner, Microsoft 365 Security and Compliance, Email Security. Suggest security standards and practices for the Next Generation Firewall (NGFW), network proxy gateways, etc.

• Monitor, analyze and response to Information Security Incidents by working across teams (e.g.: infrastructure, application, other departments, etc.)

• Prepare and document security hardening standard, security incident response plan & playbook.

• Collaborate with IT, engineering, production and QA team to ensure security practices are integrated into all systems and applications.

• Prepare documentation such as procedures and guidelines for security practices within the internal IT team, engineering and/or within OT environment.

• Implement, conduct external and internal vulnerability scans, network penetration tests and application security tests as required.

• With minimum supervision, generate reports from security tools, write incident reports, assessment-based findings, outcomes and propositions for further system security enhancement

• Support relevant projects, initiatives or security activities such as but not limited to security awareness programs, security incident response with relevant teams and security software deployments.

• Participate in projects involving IT systems, provide sound technical advice to ensure security principles are adhered to and provide support as needed.

• Report on Security KPIs, vulnerabilities, non-compliance and other security exposures, including misuse of information assets and non-compliance.

• Conduct research, perform PoC to evaluate new emerging technologies and maintain up-to-date understanding of the latest threats, vulnerabilities, mitigation, industry best practices, regulations.

• Other duties as assigned.

• Preferably has working experience from MNC or company which uses English as the main communication language.

• Advance level of English language speaking and writing proficiency. Proficiency in Mandarin and English are required as the individual is expected to work with endpoint user support team.

• At least 3 years’ experience in security operations centre (SOC) and cyber security incident response team (CIRT)

• A proven track record as an Information Security engineer collaborating with teams internationally

• Hands on experience with security technologies such as NGFW, Endpoint Security, DLP, Proxy, Secure Email Gateway, Active Directory, Identity and Access Management (IAM), Microsoft 365, etc.

• Hands on experience with the implementation, configuration, fine tuning, operations, and maintenance of security tools

• General knowledge of industry best practices on security hardening, OWASP, network security, security risk & management frameworks, national cybersecurity standards, ISO27001, etc.

• Team player and able to collaborate across diverse stakeholders to achieve security objectives

• Excellent communication, interpersonal and consultative skills

• Good problem solving and analytical skills and workshop facilitation skills

• Experience in working with high performance teams and understand the dynamics of international teamwork

• Ability to learn and understand new concepts quickly to keep up with new emerging technology

• It would be advantageous for you to have exposure to working directly for companies who have gone through extensive periods of change and / or a full-scale transformation programme in recent years.

• Data driven, with a continuous improvement mind-set acumen.

• Tertiary Education in Computer Science or related fields

• Preferably graduated from university abroad

• Minimum 3 plus years of progressive experience in computing and information security

• Experience in solutioning, architecting, implementing security solutions

• CEH, CCNA Security, GSEC, GCIH, CCOA, SSCP or other security certifications from institutions like ISACA, ISC2, GIAC would be good