The role of the Senior Specialist is to:
- Support Infrastructure and Cloud Security projects and initiatives in line with the organisational security policies and strategies
- Support rollout of IT security projects on time and on budget while ensuring it meets technology platform standards and requirements
- Provide technical expertise with respect to leading-edge IT Security technologies
- Drive implementation of technically complex migrations and integration solution and transition projects
- Provide technical input on Business/IT projects with respect to design, development, implementation and operationalization.
Responsibilities:
- Define the Infrastructure Security requirements in all projects and drive implementation globally.
- Drive global awareness trainings and implementation of the Infrastructure Security standards.
- Provide Cloud and Infrastructure Security consultancy and advice to Global and Regional IT teams.
- Technical and organization security consultancy as well as product evaluation/selection for Network/Cloud/Endpoint/Data Security, IAM, etc.
- Provide best practice guidance and lead initiatives to effectively monitor, maintain and fine tune existing network & security infrastructure. Viz., Endpoint Security platform, Web Application Firewall (WAF), Anti-DDOS, Next Generation Firewall (NGFW), HSM/KMS, Encryption and Tokenization platform, Cloud security technologies such as CSPM, CWPP, AIP, DLP, Zero Trust platforms, etc.
- Conduct research to evaluate new emerging technologies and maintain up-to-date understanding of the latest threats, vulnerabilities, mitigation, industry best practices, regulations.
- Ensure Infrastructure threat and vulnerability evaluations are conducted periodically and ensure IT Services teams are patching and updating various infrastructure components regularly in line with agreed SLA's
- Report on Security KPIs, vulnerabilities, non-compliance and other security exposures, including misuse of information assets and non-compliance
- Ensure appropriate risk mitigation actions and plans are developed by Business IT team, IT Services team and its IT service suppliers.
- Coordinate Infrastructure security assessment activities with entities within Express and external suppliers/customers.
- Provide input to the design and development of management practices and solutions selected from the information security risk treatment plan.
- Identify and evaluate periodically information security controls and counter-measures to mitigate risks to acceptable levels.
- Integrate risk, threat and vulnerability identification into life cycle processes (for e.g. procurement, development, service design).
- Conduct assessment and review on infrastructure security risk exceptions.
- Report significant change(s) in infrastructure risk to appropriate levels of management and follows-up to ensure remediation.
Requirements:
- Minimum 4 to 8 years of IT Security / Information Security experience
- Proven technical skills and/or knowledge of IT Security Infrastructure
- With hands-on experience on Infrastructure OS, Databases, Middleware, and Network Devices Security Hardening configuration
- With hands-on experience on setup, installation and configuration of anyof the following security technologies: Firewall/VPN, IDS/IPS, WAF, Anti-DDoS, NAC, SWG/SEG, EDR/EPP, NDR, IRM, DLP, ATP, 2FA, PAM, SIEM, SOAR, etc.
- Broad familiarity with Security Engineering and Operations topics that affects infrastructure, including but not limited to Network, Endpoint and Cloud Security, Threat and Vulnerability Management, Identity and Access Management, Security Information & Event Management, Key Management, Data Encryption & Tokenization
- Preferably security automation experience and/or have basic scripting/programming and automation skills/knowledge, e.g. Powershell, Python
- Security certification like CEH, CCSK, Azure Security certifications, CISSP is a plus, but not mandatory
Company Reg No.: 201131609D | Licence No.: 11C4684 | EA Reg no: 1871156
