Information Security Operation Engineer

As ASMPT continues its Digital Transformation Journey, we are looking for a highly motivated, experienced and hands-on technical Information Security Engineer.  The person plays an integral part in monitoring/responding to security threats, development, and implementation of information security tools & process across enterprise, focusing on security operation and ensuring security baseline across enterprise.

Job Description

• Monitor, maintain and fine-tune existing network & security infrastructure solutions: Endpoint Security, Anti-Virus, DLP (Data Loss Prevention), Vulnerability Scanner, Microsoft 365 Security and Compliance, Email Security. Suggest security standards and practices for the Next Generation Firewall (NGFW), network proxy gateways, etc.

• Monitor, analyze and response to Information Security Incidents by working across teams (e.g.: infrastructure, application, other departments, etc.)

• Prepare and document security hardening standard, security incident response plan & playbook.

• Collaborate with IT, engineering, production and QA team to ensure security practices are integrated into all systems and applications.

• Prepare documentation such as procedures and guidelines for security practices within the internal IT team, engineering and/or within OT environment.

• Implement, conduct external and internal vulnerability scans, network penetration tests and application security tests as required.

• With minimum supervision, generate reports from security tools, write incident reports, assessment-based findings, outcomes and propositions for further system security enhancement

• Support relevant projects, initiatives or security activities such as but not limited to security awareness programs, security incident response with relevant teams and security software deployments.

• Participate in projects involving IT systems, provide sound technical advice to ensure security principles are adhered to and provide support as needed.

• Report on Security KPIs, vulnerabilities, non-compliance and other security exposures, including misuse of information assets and non-compliance.

• Conduct research, perform PoC to evaluate new emerging technologies and maintain up-to-date understanding of the latest threats, vulnerabilities, mitigation, industry best practices, regulations.

• Other duties as assigned.

Monitor, maintain and fine-tune existing network & security infrastructure solutions: Endpoint Security, Anti-Virus, DLP (Data Loss Prevention), Vulnerability Scanner, Microsoft 365 Security and Compliance, Email Security. Suggest security standards and practices for the Next Generation Firewall (NGFW), network proxy gateways, etc.

Monitor, analyze and response to Information Security Incidents by working across teams (e.g.: infrastructure, application, other departments, etc.)

Prepare and document security hardening standard, security incident response plan & playbook.

Collaborate with IT, engineering, production and QA team to ensure security practices are integrated into all systems and applications.

Prepare documentation such as procedures and guidelines for security practices within the internal IT team, engineering and/or within OT environment.

Implement, conduct external and internal vulnerability scans, network penetration tests and application security tests as required.

With minimum supervision, generate reports from security tools, write incident reports, assessment-based findings, outcomes and propositions for further system security enhancement

Support relevant projects, initiatives or security activities such as but not limited to security awareness programs, security incident response with relevant teams and security software deployments.

Participate in projects involving IT systems, provide sound technical advice to ensure security principles are adhered to and provide support as needed.

Report on Security KPIs, vulnerabilities, non-compliance and other security exposures, including misuse of information assets and non-compliance.

Conduct research, perform PoC to evaluate new emerging technologies and maintain up-to-date understanding of the latest threats, vulnerabilities, mitigation, industry best practices, regulations.

Other duties as assigned.