Connecting linkedin



Senior IT Security Operation Engineer

  • Location


  • Sector:

    Financial Services and Banking

  • Job type:


  • Contact:

    Ken Zhang

  • Contact email:

  • Salary high:


  • Salary low:


  • Job ref:


  • Published:

    7 months ago

  • Duration:


  • Expiry date:


  • Startdate:



  • Work with Asset Managment IT and and security team to develop, implement, and enhance company security capabilities, policies, processes, and programs
  • Interface with the company technology risk, audit, and compliance to develop and execute security self-assessment and internal audit plans
  • Daily security operational tasks including DLP, Anti-spam, anti-virus, end point security solutions, perimeter security solutions
  • Manage the vulnerability management program, including scanning, analyzing, and tracking on the progress of the patching
  • Manage the penetration test program
  • Manage the application security program including static and dynamic code scan and tracking
  • Handle the security incident analysis and respond


  • Bachelor degree or above. (Information Technology or related is preferred but not required)
  • Industry certifications (i.e. ISC2, ISACA, SAN), though are not essential, will help differentiate the candidates.
  • At least 8+ years working experience in IT security operation
  • Fluent in English and Mandarin
  • Strong knowledge with security system/solution, like DLP, IPS/IDS, WAF, SIEM, etc.
  • Strong knowledge in Vulnerability assessment and management
  • Ability to multi-task and handle multiple projects.
  • Ability to evaluate technical and functional specifications and identify possible threats or areas of weakness.
  • Ability to review code of enterprise applications and identify possible security vulnerabilities.
  • Establish and maintain relationships with key leaders in security and technology
  • Understanding of OWASP Top 10 software vulnerabilities
  • Perform vulnerability analysis activities, review vulnerability scan results
  • Understanding of cyber exercises to include planning, execution and lessons learned generation.
  • Prior background as a developer or infrastructure engineer is a plus