Sr.3 IT Security Specialist (Appsec/Infrasec/Systemsec)

AppSecEngineering:
Vulnerability assessment and penetration testing program and responsible for the design and performance of application security robustness tests :
- Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk
- Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation
- Automate penetration and other security testing on networks, systems and applications
- Develop and maintain security testing plans
- Produce actionable, threat- based, reports on security testing results
- Operate a hands- on role involving penetration testing and vulnerability assessment activities of complex applications, operating systems, wired and wireless networks, and mobile applications/devices
- Deliver the annual penetration testing schedule and conducting awareness campaigns to ensure proper budgeting by business lines for annual tests
- Act as a source of direction, training, and guidance for less experienced staff
- Communicate security issues to a wide variety of internal and external “customers” to include technical teams, executives, risk groups, vendors and regulators
- Foster and maintain relationships with key stakeholders and business partners
- Mentor and coach other IT security staff to provide guidance and expertise in their growth
InfraSecEngineering/ SystemSecEngineering:
Cybersecurity risk and compliance framework and management:
- Identify, highlight and remediate information security risk in the Bank
Policy, Standards and Processes:
- Provide feedback to enhance the current policies, regulations, standards and processes where necessary
- Communicate and ensure all staff understands and comply with the Information Security Policy, Regulations, Standards and Processses
- Comply with the Bank’s Information Security Policy, Regulations, Standards, and Process
Operations, Reporting and Administration
- Ensure that Information Security process are followed diligently. This may include Risks Management, Operating Security Services/Tools to support the Information Security Program of the Bank.
- Ensure that the Information Security Strategy and Plans are implemented as planned.
- Contribute to the IT Security Dash Board for Management
- Training IT security awareness
- Work with both internal/external audit during audit programs
- Control approve the request/changes related to security, control activities of IT security: implementing, operating, vulnerabilities management
- Collect, analyze and produce report for IT Security every month

Yêu cầu công việc

Education:
- Bachelor&039;s or Technical Degree Required (IT, Cryptography, computer science, information systems, business administration or other industry- related curriculum)
Experience:
- Have good knowledge about: network security, system security, application security and virus/malwares, secure coding
- Good using some tools for hacking: VA, APPScan, Metaexploit, kalilinux
- Expert with architect, security technology, integration
- Experienced in implementing ISO27000/PCI- DSS is preferred
- Have good knowledge with pen test with OWSAP Standard and ability discovery & exploit vulnerabilities, cyber attack
- 3+ years or more of working experience in IT security banking, good knowledge international IT security standards (ISO 270001, PCI- DSS,…), ITIL
Have good knowledge with secure coding with some languages: Python, Shell, PHP and have good knowledge with encryption, cryptography techniques
- Budget Management
- Risk Management
- People Management
- Stakeholder expectation management
Skills:
- Be able to catch up and manage works quickly and effectively
- Have ability to read and understand the professional documents in English.
- Be able to work independently with high pressure, good in teamwork
- Strong interpersonal and communication skill
- Good knowledge of risk management principles, methodology and practice
- Careful, responsible, and secure in protecting information/data belong to Bank

See yourselves in a new light
In essence of joining our company, you will be given the scope to seize every opportunity and helped to acquire specific competencies you’ll need to succeed either you wish to go wide or go deep. Our company prides ourselves on our underpinned principle of nurturing people in not only HR policies but also in our culture. We value innovations and we need people to work on initiatives and carry on our business vision of operating excellence and market leadership.
Alongside with these, we believe our staff members deserve a good working condition, so that in addition to social health insurance you will be accessible to health and accident insurance and will be eligible to join in team building every year. We also value your efforts; for this reason, we give you both financial and non- financial rewards such as: KPI bonus, Best Initiatives, Best performer or Best manager of the year, etc.
Company&039;s Benefits

Financial support:
Family funeral support
Lunch allowance
Wedding support
Probation with full salary
13th month salary + KPIs bonus
Performance rewards and awards
Healthcare Insurance
Events and activities:
Team Building
Year End party
Sport Day
Family Day
Christmas

Cập nhật gần nhất lúc: 2024-03-14 09:45:46