IT Security

Role Summary

Responsible for enterprise-wide Information Security program, Protect PII and enterprise IP, Providing information security governance, infrastructure and application security, and overall technology risk management, design and perform penetration tests, analyze findings, and report results.

Role and Responsibilities / หน้าที่ความรับผิดชอบ:

• Conduct web application penetration test, mobile application penetration test, api penetration test, and network/infrastructure penetration test.
• Conduct vulnerability assessment on Internet-facing systems and internal systems.
• Work with IT Security Team to develop a security programs to mitigate identified risks and support security requirements from IT users.
• Research new security threats and attack vectors, provide remediation methods to all levels of Information Technology staff.
• Anticipating possible security threats and identifying areas of weakness in the proposed system, a Security Architect must be proactive to highlight the possible breaches of security.
• Perform IT Security assessment to support new projects and applications as they relate to security architecture and design; audit existing deployments and analyze gaps against security practices and standards.
• Review and advise security solution architect for the proposed system such as: Network Segmentation, Application protection, Defense-in-depth, Remote Access, Encryption Technologies, Backup/Replication/Multiple Sites, Cloud/Hybrid/Multiple Cloud Vendors, Software Defined Networking, Network Function, Virtualization.
• Identify security design gaps in existing and proposed architectures and recommend changes or enhancements.
• Ensure that IT systems and applications within the organization meet the needs of business while adhering to security best-practices, compliance and regulatory requirements
• Track, assist and manage to resolution and closure of security risks including review plans and monitor progress or remedial actions.
• Provide information security awareness training to organization personnel adhering to security best-practices, compliance and regulatory requirements.

Qualifications / คุณสมบัติ: 

• Bachelor or Master’s degree in Computer Engineering, MIS, IT or a related field.
• At least 5 years experiences in cyber security area.
• Professional certificates related to work (e.g. CEH, Pentest+, ISO 27001, OSCP, GPEN or similar general security certification) is desirable
• A positive, can-do attitude, who naturally expresses a high degree of empathy to others.
• Efficient communication and team- player skills.

Specific knowledge and skill / ความรู้เฉพาะตำแหน่ง:

• Knowledge of International Security frameworks, Standards, Guidelines and Methodology eg, NIST-800, ISO 27001, OWASP, PCI-DSS, ISSAF, OSSTMM, and etc.
• Previous penetration testing experience and familiarity with commonly used tools and tactics.
• Experience with offensive security analysis tools and tactics.
• Strong cyber threat intelligence and information security experience in complex organizations
• Experience in system and application security management and control.
• Experience in facilitating information security risk assessments.
• Familiarity with cyber security threats, defenses, motivations and techniques.
• Familiarity with security concerns facing large enterprises.