Job Description

POSITION GENERAL SUMMARY

• Implementing a range of security measures, including software and hardware solutions, to detect and prevent cyber threats from compromising the security and functionality of the platform.
• The scope of responsibilities includes the yearly exercise of vulnerability assessment and penetration test (VAPT),  administration, management, configuration, testing, and integration tasks related to the virtual patch management (VPM), internal vulnerability management system (IVAS), and other platform defense mechanism adopted by MAHB in the future.  administration, management, configuration, testing, and integration tasks related to the system 

ESSENTIAL POSITION FUNCTIONS

• Manage  all security equipment, focusing on vunerability scanner, virtual patch management and other platform defense technology adopted in the near future. Promptly act on alerts by examining potential security and data issues.
• Act as  backup to other defense pillar whenever required. 
• In-depth knowledge of OWASP Top 10 vulnerabilities (e.g., SQL Injection, XSS, CSRF).
• Understanding of web technologies like HTML, CSS, JavaScript, JSON, HTTP/HTTPS, RESTful APIs, WebSocket, and session management, 
• Developing and implementing a comprehensive vulnerability management program for MAHB which includes identifies, assesses, prioritizes, and remediates vulnerabilities in your organization's systems, applications, and infrastructure.
• Monitor the vulnerability management program's performance and report on its effectiveness to stakeholders, such as the board of directors, senior management, and external auditors.
• Manage and coordinate all associated activities related to the yearly vulnerability assessment and penetration testing (VAPT).
• Design, manage, configure and monitor all related activities related to the virtual patch management
• Involved in strategic planning for the MAHB technology infrastructure, developing and implementing policies and procedures, and collaborating with other executives in the organization to align technology initiatives with overall business objectives.
• Assist in initial investigation and triage of potential incidents/ operational issues and escalate or close events as applicable
• Work with internal business units and external stakeholders to drive secure configurations used for desktops, servers, network devices, and wireless network devices
• Manage and maintain the security operations process, such as Change Management, Incident Management, Problem Management,etc. pertaining to the security system.
• Keep updated on knowledge and awareness on latest security trends, and provide knowledge sharing when necessary.
• To perform duties with due diligence and professional care in accordance with professional standards and best practises      

Key Challenges

• To ensure understanding and involvement from all level of management and employees
• To get top management commitment in compliance activities
• To get all staff and management to adhere to policies, procedures and internal control 
• Ability to explain technical vulnerabilities and mitigation strategies to non-technical stakeholders.

Skills

• Experience in maintaining system (hardware and software)
• Experience in network/firewall configuration.
• Travelling, extra work (After office hour)
• Have a throughout understanding of system functionality including
• overall structures of TAMS subsystem
• Minimum supervision with good interpersonal and communication skills
• Knowledge in system, infrastructure and application architecture. 

Education

External        

• Degree preferably with specialization in computer related discipline and equivalent work experience required. Industry certification such as CISSP, CPT, etc is a plus     

Relevant Industries

External        

• Degree with CGPA > 3.0 and minimum 3 years of cybersecurity and vulnerability management or penetration testing experience 

Additional Information

Open for Malaysian citizens only.
Please be reminded that only online applications will be entertained.
Applications should reach us by 28 January 2025.
Only the shortlisted will be notified.