System Security Engineer

Job Description:

Provide security expertise and management services to support Authority in activities such as:

• Internal/external audits (IM8, Cybersecurity, etc)

• Policies compliance (IM8, Cybersecurity, etc), work with vendor on:

• Vulnerability management compliance reports and patch reports

• Filing of documents and Security Scorecard for audit purpose, to produce it as required

• Monthly logs review. e.g., privilege user activities

• Vulnerability/ Compliance Assessments

• Penetration Tests and Source Code Reviews

• Disaster Recovery (DR) and Business Continuity Planning (BCP):

• All relevant activities related to the DR and BCP planning

• Checks on system backup completion by vendor and datacentre

• Document update and implementations.

• ICT/Threat Risk Assessments (TRA)

• Monthly reviews of privileged accounts and non-privileged account, disable inactive accounts

• Seek security waivers (IM8, Cybersecurity Act, Circulars etc)

• Circulate security notifications/alerts to vendors and ensure status updates too all stakeholders including cybersecurity centre

• Security monitoring/tracking:

• Monitor alerts from SOC

• Update stakeholders regarding SOC alerts

• Review compliance reports with vendors to ensure that system is compliant

• Manage, track and update any security incidents/ issues to all stakeholders

• Review Incident Report (if any)

• Patching:

• Ensure patches are tested and verified before seeking approval for patching downtime

• Communicate system downtime to all stakeholders

• Ensure system availability after patching is completed

• Obsolescence management for software licenses, hardware, operating systems and certificates

• Security enhancement/integration

• Support the submission of security clearance for related vendors

• Perform other related duties as assigned or requested

Requirements:

• Diploma or Bachelors Degree in Cybersecurity/InfoSec/Information Technology/Information Systems/Business IT or its equivalent

• Relevant professional certifications, such as CISSP, CISM, CEH, or other security certifications

• Minimally 1-2 years of experience in cybersecurity and supporting mission critical systems with very stringent SLA e.g. 99.9%

• Well-versed in cybersecurity best practices and establishing of its policies

• Well-versed in IT Service Management (ITSM) standards, processes, guidelines and best practices

• Able to cope in a highly pressured fast-paced environment

• Prior working experience in cyber security and vulnerability management is preferred

• Strong knowledge of security principles, best practices, and industry standards, such as NIST, ISO 27001, and CIS Critical Security Controls

• Able to understand security posture of systems

• Prior working experience in Project Management is a plus point

• Able to understand the system and software architecture, and user operations environment

• Willingness to pick up any new technologies

Information :

• Company : KRIS INFOTECH PTE. LTD.
• Position : System Security Engineer
• Location : Singapore
• Country : SG