Established in 2003, IT SSC seeks to add value by transforming IT support functions to bring higher returns to Sunway Group’s businesses. As a centre of excellence, IT SSC provides world-class support services to most IT projects within the Sunway Group, and delivers value through the standardisation, consolidation and optimisation of IT resources within the Group.

Job Responsibilities:

• Test and implement security systems including hardware, software and integration related components.

• Maintain up-to-date knowledge of the IT security industry, including awareness of new or revised security solutions, security standards, trends / best practices, offensive techniques, and tools

• Conduct security assessment including penetration test, vulnerability assessment on network, application and information system to identify vulnerabilities and recommend corrective action.

• Perform periodic network, web application, mobile application, physical security reviews, social engineering tests, and other related cyber security practices.

• Provide detailed remediation guidance for findings

• Assist with the coordination and performance of all third-party penetration testing projects, regulatory examinations, and other audits of information systems.

• Review and validation procedures for all findings noted by third-party testers related to network and web application security.

• Author quality penetration test reports with professional documentation of identified and exploited vulnerabilities/weaknesses

• Conduct detailed analysis of systems where breaches of critical IT infrastructure may have occurred and provide root cause analysis, impact assessments and rapid response to aid detection of those responsible and make recommendations to assist prevention of similar incidents.

• Assist Infrastructure and Application Teams with prioritization of patches and security fixes following the vulnerability assessment.

• Responsible for organizing and systematically completing supporting documentation to support the work performed.

  
  

Job Requirement:

• Technical knowledge across a broad range of computing platforms and network protocols

• High proficiency in a variety of operating systems such as Unix/Linux/Mac/Windows operating systems

• Know-how in manual techniques for penetration testing (network equipment, servers, web applications, APIs, wireless, mobile, databases, and other information systems)

• Professional experience testing web applications for common web application security vulnerabilities as defined by OWASP, including input validation vulnerabilities, broken access controls, session management vulnerabilities, cross-site scripting issues, SQL injection and web server configuration issues

• Tools – Proxies, Port Scanners, Vulnerability Scanners, Exploit Frameworks (ex: Burp, Nessus, Nmap, Kali Linux)

• Strong oral and written communication skills, including a demonstrated ability to prepare quality documentation and presentations for technical and non-technical audiences

• Candidates with any professional certification that covers Vulnerability Assessment & Penetration Testing will have an added advantage.

• Familiar with standards and requirements such as ISO27001, NIST, PCIDSS and that of financial authorities (e.g. GPIS/RMiT) will be an added advantage.

  
  

Are you ready to elevate your working skills and experience? Click the ‘Apply Now’ and you are one step ahead to an outstanding career.

Our recruitment team will reach out to shortlisted candidates only.