โลโก้บริษัท aCommerce (Platform Development)

Security Engineer - Application, Systems, GRC

aCommerce (Platform Development) - Middle-Level, Full time - วัฒนา กรุงเทพมหานคร
฿1,000-฿1,000

Application Security Engineer

The Application Security Engineer will conduct both automated and manual assessments of application/website code to detect vulnerabilities before it ships. In this position, you will also act as a subject matter expert in all things related to application security.

Job Responsibilities:

  • Perform penetration testing on our internal and external applications.
  • Implement automation for finding vulnerabilities in CI/CD process.
  • Improving data security through use of encryption/key management, segregation, or other techniques.
  • Helping engineers design more secure systems via design input and code review.
  • Develop secure coding guidelines.
  • Deliver web application security training to developers.
  • Be a security subject matter expert and respond to any internal security engineering questions/request.
  • Perform reactive incident response when a security event occurs.
  • Perform proactive research to detect new attack vectors

Capabilities:

  • Experience as a developer, ideally with PHP, Python, or Node.js.
  • Relevant Certifications [CEH, OSCP, GIAC (GPEN)].
  • 5+ years of work experience in an application security role.
  • Excellent Spoken and Written English.
  • Knowledge of Agile Development processes.
  • Familiar with application security attacks and countermeasures.
  • Familiar with both automated and manual assessment techniques.
  • Comfortable explaining technical vulnerabilities and risks to both technical and non-technical audiences.
  • In-depth experience identifying and protecting against web application vulnerabilities.
  • Experience with various application and infrastructure security tools and products (Burp Suite, Fortify, IBM AppScan, WebInspect, Nmap, Nessus, or OWASP ZAP).
  • Strong knowledge of browser security model, mobile app security, cryptography and network security.
  • Experience with security tools for static analysis, dynamic analysis, penetration testing, intrusion detection.

Systems Security Engineer

The Systems Security Engineer will implement and monitor security measures for the protection of computer systems, networks and data.

Job Responsibilities:

  • Conduct user account audits across various systems.
  • Conduct network vulnerability scans.
  • Document Server hardening guidelines.
  • Perform firewall policy audits
  • Proactively offer, deploy and monitor security solutions where the business dictates.
  • Patching and upgrades of all security systems and services where applicable
  • Perform periodic penetration testing.
  • Conduct Wireless Security Assessments.
  • Investigation of HIDS, SIEM, and other automated alerts.
  • Ensure PCI compliance status of network devices and servers.
  • Assist in annual PCI recertification efforts.

Capabilities:

  • Excellent Spoken and Written English.
  • Familiar with security products such as Nessus, OSSEC, Metasploit, nmap, Fail2Ban, Fortigate, OpenVPN, and Wireshark.
  • Excellent understanding of Linux operating systems.
  • Minimum 3 - 5 years of experience in Network and Systems Security.
  • Good Knowledge in Intrusion Detection/Prevention Systems.
  • Good Knowledge of IPSEC VPN tunnels.
  • Good Knowledge in Firewall concepts.
  • Good Knowledge in SIEM.
  • Experience in OS Hardening including Windows and Linux.
  • System Admin/ DevOps background.
  • Docker container configuration and security
  • Professional security management certification: CISSP preferred

GRC Security Engineer

The Governance, Risk, and Compliance Engineer is responsible for the assessing and documenting of the aCommerce’s compliance and risk posture as they relate to the its information assets. This position is also responsible for oversight and coordination of third-party security assurance, policy documentation, and security awareness training.

Job Responsibilities:

  • Create required Security Policy documents
  • Review security components of legal contracts, Statements of work, and other contractual documents
  • Complete third-party security due diligence questionnaires.
  • Provide New Hire Orientation and deliver periodic Security Awareness Presentations.
  • Assist in annual PCI certification efforts.
  • Coordinate with the Infrastructure teams to audit ID Badges, physical access controls, and CCTV deployments.
  • Improve Security Awareness posters and signage displayed in all offices.
  • Security Software Acquisition/Renewal.
  • Actively involved with Disaster Recovery and Business Continuity Planning.

Capabilities:

  • Excellent Spoken and Written English.
  • Must have a good grasp of legal terminology.
  • Experience performing information security audits or risk assessments
  • Familiarity with security auditing processes
  • Knowledge of information security risk management frameworks and compliance practices.
  • Experience in ISO27001, PCI DSS, and Thai Cyber Law Crime Act.
  • Professional security management certification: CISSP or CISA preferred.

Personal Attributes:

  • Ability to conduct research into a wide range of security issues as required.
  • Ability to absorb and retain information quickly.
  • Ability to present ideas in user-friendly language.
  • Highly self-motivated and directed.
  • Keen attention to detail.
  • Proven analytical and problem-solving abilities.
  • Ability to effectively prioritize and execute tasks in a high-pressure environment.
  • Exceptional customer service orientation.
  • Experience working in a team-oriented, collaborative environment.

Benefits:

  • Group health insurance and life insurance
  • Free lunch everyday
  • Daily 15-minute Thai Massage
  • Work from home 1 day per week
  • Vacation leave 14 days per year
  • Leaves for marriage, priesthood, bereavement and parental 
3 days ago

Related Skills

#cissp#informationsecurity#pentest#security#securitycompliance

Contact

aCommerce (Platform Development)
689 Bhiraj Tower, 33rd Floor, Sukhumvit Road, Klongton Nua, Wattana, Bangkok 10110, Thailand

About aCommerce (Platform Development)

โลโก้บริษัท aCommerce (Platform Development)

aCommerce (Platform Development)Information Technology

Founded in June 2013 with over 1,400 staff, aCommerce is present in Thailand, Indonesia, Singapore, Malaysia, and the Philippines. aCommerce is committed to being the leading ecommerce enabler and e-d

กรุงเทพมหานคร

Similar Jobs

20 days ago

Clound Engineer (Urgent) !!!

Entry-Level, Full time

฿25,000-฿50,000 Ragnar Corporation Company Limited - วังทองหลาง กรุงเทพมหานคร
#aws#infrastructure#linux#network#security