2022-09-27
IP Location 菲律宾 309| Industry Category | Computer / Information Technology | Position | IT-Network / Sys / DB Admin |
| Recruitment Department | Number Of Recruits | several | |
| Work Location | Metro Manila (NCR) Pasig | Nature Of Work | Full Time |
| Gender Requirements | Male | Marriage Requirement | No marital status restrictions |
| Education Level | College Diploma | Work Experience | No work experience restrictions |
| Age Requirement | Above 18 years old | Salary Package | Negotiable |
| Updated Date | 2022-09-27 | Valid Until | Long-term validity |
Background:
We are an expanding team and looking for a Security Engineer. In this role, you will manage the Security Infrastructure, initiates improvements, deliver major and complex tasks and projects. Also you will be responsible in maintaining Dashboard, Platforms, Servers, Tools and other Services under the Security infrastructure. In addition, you are responsible to ensure that security is tightly integrated into the enterprise's wide and BUIT based solution development lifecycle through design and building of security in every phase of the lifecycle to minimise system vulnerabilities and reduce the attack surface.
Core Responsibilities:
1. Security Engineering
· Provide day to day security project support.
· Perform technical support, troubleshoot and provide Root Cause Analysis on complex issues effectively and efficiently in line with the SLA required by the business.
· Provide emergency on-site support and coordination, and on-call support as required.
· Monitor and review environments using tools, logs, and log analysis and respond to alerts by following procedures or escalating them.
· Review existing document procedures, records and inventory.
· Review and define operating procedures used for day-to-day support, installation guides, housekeeping procedures, etc.
· Prepares complex and advanced monthly reports for service utilization and availability.
· Creates scripts for monitoring and to automate administrative tasks
· Act as a Security SME and consultant to projects throughout the SDLC + project lifecycle
2. Security Architect
· Ensure that the Enterprise and BUIT solution-based initiatives are compliant with information security policies, and the relevant legal and regulatory frameworks throughout.
· Provide security and compliance assessment for enterprise and BUIT solution-based initiatives to ensure that security or compliance risks are appropriately identified, communicated to relevant stakeholders, control requirements or mitigation up to acceptable levels are properly built in through each phase of the development or solutioning lifecycle.
· On BUIT solution-based or Product Line initiatives, conduct architecture risk and security assessment in collaboration with BUIT, Product Line COE/Infra and Apps Dev/support and IT Service COE that facilitate business risk exposure objectives
· On Enterprise-based security product such as NGFW/NIPS/NAC or such, work closely with security engineering/security operation team from requirement analysis to product identification, solution design & deployment to Enterprise IT environment, ensure Security services & processes are implemented, operated and controlled according to security policy and standards.
· Ensure all architecture risk and security review cover hardware, firmware (where applicable), software database and application both in-house developed & vendor based (includes those hosted in cloud or cloud-based; e.g.; IaaS/SaaS/PaaS). Detail assessment should cover from components to systems and to final solution delivered to business.
· Track periodically and monitor deviations from information security policies and standards, identify mitigating controls to reduce risks and exposure throughout the entire products and solution lifecycle.
· Provide oversight of organization wide security architecture, ensure security team and COE members perform the needed risk & security assessments in accordance with the established group level IT security policy and risk management framework (ISO27001/NIST CSF).
· evaluate risks of third party vendor products or solutions, provide solutions and measures to ensure compliance with the established information security policies.
· Define, Identify & Implement appropriate tools for security testing of the architecture, and/or application-code scan to assist developers from either Infra COE/Product Line COE/Dev-support COE secure their Infrastructure/web/mobile and enterprise solutions.
· Communicate cyber security advisories to IT/End users.
Requirements
Degree in Computer Science, Information Systems, Engineering or equivalent.At least 5 years IT experience with minimum 3-4 years Security Solution Architecture hands-on experience in end-user based environment.Understanding of Security Architecture attributes.Familiar with common SDLC models (such as waterfall model and agile), security-by-design concepts and implementation, and common information security management frameworks, such as ISO/IEC 27001, NIST Cybersecurity framework.Professional security certification is desirable, such as CISSP, CISM, CISA or other similar credentials. Knowledge and application of SABSA/ESA is good to have.Self-motivated with strong interpersonal and stakeholder management skillsAnalytical, effective communicator and able to work independently.