


Technical Lead (Information Security)

  • Location: Hong Kong
  • Contact: Warwick Pearmund
  • Published: about 1 year ago

The Technical Lead or Senior Analyst will be responsible for assisting the Technical Managers in the delivery of IT Security Solutions.


  • Work with the assigned Project Manager to drive small to mid-size IS initiatives to evaluate, acquire and deploy new IS technologies and capabilities, and ensure initiatives are completed on time and within budget.
  • Work with business and IT stakeholders to design, implement and update network vulnerability scanning systems.
  • Classify and prioritise risks, and guide relevant stakeholders to ensure that systems and services that are either developed in-house or acquired commercially are secured against known attack vectors and prevalent threats.
  • Deliver the penetration test life cycle process, working with SMEs and application teams to define the scope within which the pen-tester must operate and to arrange testbed scheduling, testing tools and white box testing so as to streamline the pen-testing duration, and ensure the completeness and tracking of the findings and rectification schedule.
  • Provide technical support for bringing security logs, feeds and raw sources into the SIEM for data security analytics.
  • Perform information security risk assessments and provide technical advisory for assigned project areas to ensure compliance with company IS policy, standards and practices, as well as mitigation of all identified risks.
  • Conduct technical studies of IS initiatives and provide technical suggestions and recommendations on design, development and system integration.
  • Help solve technical problems to provide an efficient environment for project implementation.


  • A university degree with strong technical background, particularly in Information Technology, security, application development and/or networking
  • 5 to 8 years’ experience working in technical IT roles, with at least 3 years’ hands-on experience in enterprise security infrastructure, IS risk assessments or testing; a relevant CISSP, CISA or CREST certification will be advantageous.
  • Experience with vulnerability assessments - scanning the environment, generating reports and engaging with system owners and stakeholders to make certain that any observed vulnerabilities or security concerns are addressed/remediated.
  • Experience performing analysis with security data analytics technologies such as SIEM, UEBA, ELK and SOAR.
  • Strong understanding of networking protocols, operating systems and cyber security concepts and technologies.
  • Promote security awareness and adoption of security standards and practices to staff members including vendors
  • Able to implement vulnerability scanning of different network segments and prevention by existing security controls, ideally automating this process.
  • Able to identify gaps/weaknesses in SOC monitoring capability by mapping detection rules, e.g. SIEM use cases, Carbon Black watch lists, Darktrace models, AD monitoring and Firewall policy
  • Good knowledge of networks and systems protocols as well as IT Security methodologies, vulnerability scan methodologies and approaches
  • Knowledge of incident response methodologies, security issues, vulnerabilities, exploits and security standards that may impact information security
  • Hands-on experience with PC endpoint whitelisting, Web Isolation and/or MSS handling would be advantageous.
  • Good working knowledge of Windows, Linux, OSX and mobile operating systems.