- This position is for Office of Integrated Information Technology Services (IITS).
- IT Security Management
- Plan, implement and maintenance of enterprise security infrastructure in SMU as well as relevant hardware to meet SMU’s needs for teaching, learning & the various research areas.
- Plan, formulate and architect the growth of security infrastructure in the cloud or on-premise to cater to the needs of SMU community so as to provide a boost for staff productivity.
- Manage and operate installed security infrastructure to maintain high availability and performance of all IT systems while also driving projects for improvements and enhancements. Continually seek improvement within the security infrastructure.
- Responsible for implementing IT security policies and related procedures to protect SMU enterprise security infrastructure.
- Implement and enforce security measures and procedures (e.g., patch management, risk assessment and application vulnerability scanning) to protect SMU’s security resources.
- Educate, demonstrate, and create awareness to both IT and Non-IT staff on the security arena such as ongoing IT Security Awareness Programme – Security talks, Periodic IT security advisory to SMU community, Phishing test, IT Security Quizzes and IT security work-about
- Consultancy and Support
- Provide support and consultancy to user in the areas of core enterprise IT services such as security assessment for cloud and application security. Communicate technology limitations or features and sets expectations.
- Responsible for smooth operations of SMU’s enterprise security infrastructure; ensuring the continuous high availability and performance of the communications and connection within and outside of SMU.
- Architect cloud solutions and provide application security consultancy to meet systems modernization and cloud transformation needs; conduct security assessment on applications and provide security recommendation on cloud infrastructure architectures.
- Identify, evaluate operations and support of core security services as well as related infrastructure hardware.
- Provide technical security consultation and integrate standard security practices such as COBIT, ITIL, NIST and ISO27001 into operations and development environment.
- Projects and Operations
- Manage IT project for existing Security Infrastructure enhancement and new system implementation such as preventive monitoring, maintenance and proactive analysis of network traffics and systems.
- Establish project plans, milestones, and deliverables in consultation with immediate supervisor.
- Provide leadership to project team to ensure that proposals, plans and projects (technical) are evaluated and successfully executed.
- Responsible for managing and handling of all IT security incidents and responses.
- Architect and create reusable application framework and threat modeling to mitigate current and future attack scenarios.
- Advise and review application security design to detect potential security issues; design and implement cloud security measures.
- Monitor user requirements to keep up-to-date with latest technology developments in order to plan and improve the quality of use of enterprise Infrastructure resources.
- Responsible for managing VAPT and security operation and related administrative tasks as well as liaising with vendors on all IT Security related Infrastructure matters. Ensure and improve the operations of the university’s enterprise security infrastructure within allocated budget.
- Degree Computer Science, Electronic/ Electrical Engineering or related disciplines.
- Experience in IT security operation support and cloud administration with relevant IT Security professional certifications will be highly advantaged.
- least 5 to 10 years of relevant working experience in IT environment/Security management.
- In-depth knowledge and experience in User Entity and Behavioral Analytics as well as APT Sandboxing Technologies.
- Sound knowledge in Web application vulnerabilities, such as OWASP Top 10, Cross-site Scripting, Application Security and SQL injections.
- Familiar with operation of NG/Web Application/Database Firewall, VPN, Anti-Virus, Anti-Spam, SIEM, Intrusion Prevention/Detection, Data Leakage Prevention System, Cloud Security, UEBA, EDR, Desktop Security & Vulnerabilities Assessment.
- Solid software development, application security, cloud security and penetration testing experience would be advantageous.
- Good Knowledge of security standards, best practices and risk assessment with analytical skill.
- Strong technology and common business acumen.
- A self-starter, always striving for excellence, innovative with service-oriented mindsets and initiative to improve processes.
- Attention to details, sound decision-making abilities, Independent, with initiative, positive attitude, and keen interest in exploring the areas of IT security.
- Good interpersonal verbal and writing skills.
Candidates who do not possess the stipulated qualifications but have relevant work experience may still apply. Remuneration and appointment terms shall commensurate with qualifications and experience. SMU reserves the right to modify the appointment terms where necessary.
- Antivirus Softwares
- Application Security
- Attention To Detail
- Cloud Computing Security