Job Responsibilities:
Incident Detection and Response
• Monitor and analyse security events and alerts to identify potential security incidents.
• Investigate and assess the nature and severity of security incidents.
• Develop and implement incident response procedures to mitigate risks and minimize impact.
Vulnerability Management
• Review regular vulnerability assessments and penetration testing results.
• Identify and prioritize vulnerabilities based on their severity and potential impact.
• Work with system administrators and developers to address vulnerabilities.
• Implement and maintain vulnerability management tools and processes.
Security Policies and Procedures
• Review and ensure systems and processes are aligned and comply with updated security policies (IM8), standards, and procedures.
• Ensure compliance with industry best practices.
• Provide guidance and support to team members regarding security policies and procedures.
Security Tools and Technologies
• Implement and manage security tools and technologies.
• Administer security systems such as *firewalls, *intrusion detection systems, and antivirus software.
• Conduct research on emerging security technologies and recommend improvements.
• Maintain up-to-date knowledge of security threats and countermeasures.
Risk Management
• Perform risk assessments to identify potential security risks and vulnerabilities.
• Develop risk mitigation strategies and controls.
• Document security incidents with their root causes and remediation actions.
• Prepare incident reports for management and stakeholders.
• Maintain accurate and comprehensive records of security incidents.
• Work with cross-functional teams to address security-related issues.
• Communicate effectively with technical and non-technical stakeholders.
• Provide guidance and support to IT teams on security-related matters.
• Participate in security incident response drills and exercises.
Job requirements:
Application Security
• Relevant web application experience
• Identify app security lapses in a system and mitigation methods
• Familiar with technologies like SAST, DAST or IAST
• Familiar with security testing tools like Burp, ZAP, Nessus, Fortify SCA, CheckMarx, etc.
• Define app security practices for one or multiple systems/applications
• Analyse scan results and address possible app security loopholes and threats
• Anticipate and prepare for the next evolution of app security testing trends
• Develop techniques to ensure development teams find flaws before they are introduced into production
• Lead software security initiatives, eg bug bounty program
• Oversee the security posture of web applications
