Cyber Security Analyst
The Cybersecurity Analyst is responsible in maintaining and improving the organization’s cybersecurity posture on an ongoing basis. S/he will work with external experts to implement security solutions, and work with vendors to monitor, detect and contain cybersecurity incidents to minimize impact to the organization.
- Review and development of security framework, information security policies, processes / procedures and guidelines on an ongoing basis
- Work with vendor to conduct security assessments and penetration tests.
- Identify security gaps, perform threat risk assessments in current setup and propose mitigating measures.
- Standardize and refine security incident response and escalation processes.
- Mitigate and contain threats when detected.
- Escalate security incidents and non-compliances on a timely basis.
- Work with IT infrastructure team to evaluate, implement and enhance the network perimeter security, endpoint security, SIEM.
- Monitor information security alerts triage, mitigate, and escalate issues as needed.
- Conduct information security awareness training.
- Provide security advisory to end users on regular basis.
- IT Security Management of various aspect, e.g. network security, server security, application security, end point security, email security, physical access security, logical access security, etc.
- Keep abreast of industrial IT security advancements and introduce appropriate security enhancements to IT infrastructure and systems.
- Attend to any other reasonable duties as assigned by the Senior Cyber Security & IT Governance Manager and IT Director.
- Degree in engineering, science or information technology, or equivalent education.
- At least 5 years of related work experience in cybersecurity management and security governance.
- Candidates with additional experience will be considered for the Senior Cyber Security Analyst position
- Good working knowledge of security risk management, security governance framework and compliance (IT Security Audit / log review), technical vulnerability management (vulnerability assessment, penetration testing), application security, security technologies (system hardening, IDS/IPD, firewall), security incident response and security assessment.
- Strong understanding of ISO27001 standard.
- Hands-on experience at least 4 of the following IT Security Tools:
- Next Generation Firewall (e.g., FortiGate, Palo Alto, Cisco FirePower)
- Tenable Security Center Continuous View
- Endpoint Protection (e.g., Symantec, Trend Micro, Sophos Endpoint)
- Email Security (e.g., FireEye ETP, Cisco Email Security)
- Data Loss Prevention (e.g., Symantec, ForcePoint, Digital Guardian)
- SIEM (e.g., Splunk, QRadar)
- Have understanding of Risk Management, Disaster Recovery, Business Continuity and IT Regulatory Compliance.
- Good command of written and spoken English.
- Excellent interpersonal and communication skills.
- Pro-active, independent, resourceful, able to work in a team environment and work independently with minimal supervision.
- Work well with all functional levels in the organization.
- Possess at least CISSP, CISM or equivalent IT security certifications.
- CISA certification will be advantageous.
- Prior IT security consulting and/or IT Network experience will be advantageous.
Netlink Trust Operations Company Pte Ltd