Position Objectives

As ASMPT continues its Digital Transformation Journey, we are looking for a highly motivated, experienced and hands-on technical Information Security Engineer. The person plays an integral part in monitoring/responding to security threats, development, and implementation of information security tools & process across enterprise, focusing on security operation and ensuring security baseline across enterprise.

Responsibilities:

• Monitor, maintain and fine-tune existing network & security infrastructure solutions: Endpoint Security, Anti-Virus, DLP (Data Loss Prevention), Vulnerability Scanner, Microsoft 365 Security and Compliance, Email Security. Suggest security standards and practices for the Next Generation Firewall (NGFW), network proxy gateways, etc.
• Monitor, analyze and response to Information Security Incidents by working across teams (e.g.: infrastructure, application, other departments, etc.)
• Prepare and document security hardening standard, security incident response plan & playbook.
• Collaborate with IT, engineering, production and QA team to ensure security practices are integrated into all systems and applications.
• Prepare documentation such as procedures and guidelines for security practices within the internal IT team, engineering and/or within OT environment.
• Implement, conduct external and internal vulnerability scans, network penetration tests and application security tests as required.
• With minimum supervision, generate reports from security tools, write incident reports, assessment-based findings, outcomes and propositions for further system security enhancement
• Support relevant projects, initiatives or security activities such as but not limited to security awareness programs, security incident response with relevant teams and security software deployments.
• Participate in projects involving IT systems, provide sound technical advice to ensure security principles are adhered to and provide support as needed.
• Report on Security KPIs, vulnerabilities, non-compliance and other security exposures, including misuse of information assets and non-compliance.
• Conduct research, perform PoC to evaluate new emerging technologies and maintain up-to-date understanding of the latest threats, vulnerabilities, mitigation, industry best practices, regulations.
• Other duties as assigned.

Requirements:

• Preferably has working experience from MNC or company which uses English as the main communication language.
• Advance level of English language speaking and writing proficiency. Proficiency in Mandarin and English are required as the individual is expected to work with endpoint user support team.
• At least 3 years’ experience in security operations centre (SOC) and cyber security incident response team (CIRT)
• A proven track record as an Information Security engineer collaborating with teams internationally
• Hands on experience with security technologies such as NGFW, Endpoint Security, DLP, Proxy, Secure Email Gateway, Active Directory, Identity and Access Management (IAM), Microsoft 365, etc.
• Hands on experience with the implementation, configuration, fine tuning, operations, and maintenance of security tools
• General knowledge of industry best practices on security hardening, OWASP, network security, security risk & management frameworks, national cybersecurity standards, ISO27001, etc.
• Team player and able to collaborate across diverse stakeholders to achieve security objectives
• Excellent communication, interpersonal and consultative skills
• Good problem solving and analytical skills and workshop facilitation skills
• Experience in working with high performance teams and understand the dynamics of international teamwork
• Ability to learn and understand new concepts quickly to keep up with new emerging technology
• It would be advantageous for you to have exposure to working directly for companies who have gone through extensive periods of change and / or a full-scale transformation programme in recent years.
• Data driven, with a continuous improvement mind-set acumen.
• Tertiary Education in Computer Science or related fields
• Preferably graduated from university abroad
• Minimum 3 plus years of progressive experience in computing and information security
• Experience in solutioning, architecting, implementing security solutions
• CEH, CCNA Security, GSEC, GCIH, CCOA, SSCP or other security certifications from institutions like ISACA, ISC2, GIAC would be good

Attractive salary and fringe benefits package will be offered to the right candidates.

Please visit our company website for our company background, products and other useful information.

Website: ASMPT Limited

Data collected will be used for recruitment purpose only. Suitable candidates may be referred to other vacancies within our company.

All applications applied through our system will be delivered directly to the advertiser and privacy of personal data of the applicant will be ensured with security.