Apply now »

SR. SECURITY ENGINEER

to follow

Job Summary:  

Develop and enforce security plans and standards; ensures that network and system security best practices are executed and implemented.  Prepare the plans to deliver/implement the security infrastructure strategy prepared by the Security Architect. Provide support to the Security Architect in enterprise security projects including defining configuration standards, testing and implementation.  Leads the research, evaluation and implementation of ISD security tools and small projects.  Provide risk assessment support to CPSD and SQRD related to architecture for security concerns and/or security controls to be architected.  Maintain and mature the security tools to ensure effective prevention and detection of incidents. Prepare the necessary documentation for project approval and implementation.  Act as the subject matter expert on security of assigned technology domain/area (i.e., endpoint, operating system, database, etc.).

Specific Duties & Responsibilities:
 

  • Based on the approved IT security systems and infrastructure architecture, develops detailed designs for implementation.
  • Formulate, review and maintain IT security policies, technical standards, internal ISD procedures and guidelines related to securing the information processing environment, IT facilities and connected third party services/providers of the Bank. 
  • Provide support to CPSD and SQRD, serve as the security subject matter expert related to IT security and network infrastructure architecture.  Identify security design gaps in existing and proposed architectures and recommend changes or enhancements.
  • Evaluate cost-effective solutions and prepare the business case for IT security projects.
  • Manage the testing of technical controls and monitors its implementation.
  • Define and document security tool/device standard configuration parameters. Ensures that IT security infrastructure is securely configured and functions effectively and efficiently. 
  • Perform regular security configuration reviews, ensure efficacy of controls and use is optimized.
  • Monitor and if necessary, assist ITG administrators in ensuring problems of security devices/systems are timely resolved.
  • Review and/or evaluate vendor performance as part of VPRC process.
  • Review installation and changes to security infrastructure, i.e., firewall, VPN, routers, IDS scanning technologies, servers and network devices and assess impact to security posture and operations.
  • Manages the implementation of baseline system security standards various legacy systems.
  • Collaborates and coordinates with other ISD Departments to ensure that holistic ISD service is provided to internal customers.
  • Establish disaster recovery strategy of security tools implemented and ensures it is regularly tested for effectiveness.
  • Stay up to date with latest security technology and trends, vulnerabilities and threats.
  • Guide Infrastructure Security Specialists; review their work.
  • Proactively works with the SAID Head in implementing programs for the continuous improvement of the bank’s information security plans and strategies.
  • Perform other information security governance, risk and compliance related duties and responsibilities as directed by the SAID Head.
     

Job Specifications:

  • Graduate of any college degree in Computer Science or Information Security, or related technical field of expertise.
  • Extensive/in-depth knowledge and understanding of LAN/WAN networking topologies and protocols, cryptographic methods and schemes, operating systems (Windows, Linux, Unix), database systems, wireless technologies, cloud technologies and various security tools and technologies in various information security domains.
  • Certification may include SANS GIAC, CISSP, CISM, CompTIA Security+ or equivalent.
  • At least 3+ years’ experience in designing, implementing and maintaining security solutions.
  • Analytical and risk identification skills to analyze a variety of information security related risk situations and develop recommendations on the best course of action
  • Scripting and programming – computer programming and scripting skills is an advantage.
  • Strong written and oral communication skills to write technical reports on their assessments and communicate potential security weaknesses.
  • Should also be abreast with security best practices and knowledge of common and emerging security threats.
  • Self-starter, result-orientated in terms of disposition for corrective action to drive the remediation to reduce the risk exposure of the bank.
  • Have good teamwork and collaboration skills: good team players with the ability to lead security initiatives.
  • Good project management skills to lead and manage accomplishments of assigned tasks/projects within the predetermined time-frame
  • Good communication skills: to effectively articulate and explain complex security topics in simple language and easy to understand concepts.

to follow

Apply now »