You will:
· Perform threat assessment and patch management advisory operations via analysis of open and commercial security intelligence feeds, and ensure business and IT patch management teams comply with defined Service Level Agreements (SLAs) for security patch deployment
· Work with IT infrastructure, network operations teams and other IT stakeholders to review and assess new setups, changes, and upgrades to the organisation’s network infrastructure and network components to ensure any move and change will not introduce security risks to the organisation
· Perform vulnerability scanning across the Club’s technology landscape work with key stakeholders to identify, govern and mitigate identified vulnerabilities
· Work with assigned Project Manager to drive small- to mid-size IS initiatives to evaluate, acquire and deploy new IS technologies and capabilities, and ensure initiatives get completed on time and within budget
· Work closely with business and IT stakeholders to schedule and perform system and network vulnerability scanning, classify and prioritise risks, and guide relevant stakeholders to ensure that systems and services that are either developed in-house or acquired commercially are secured against known attack vectors and prevalent threats
· Conduct the web scanning and automated code testing of in-house applications, and guide developers and IT colleagues on coding best practices and mitigations prior to production release to ensure that systems are resistant to known attack vectors, e.g. OWASP Top 10, when deployed
· Support the closure of key cyber security threats and vulnerabilities (e.g. zero-day vulnerabilities or during the Project Development Lifecycle)
· Support the reviews and updates of applicable cyber defence policies, regulations, and compliance documents specifically related to Threat Vulnerability Management and Security Testing
· Undertake other duties assigned by Cyber Security Management. Confidential
· Participate, contribute and help shape a diverse and inclusive culture with trust and respect. Play an active role to support cross-team/division/department efforts and model collaborative behaviours
You should have:
· University Degree in computer science, engineering or related discipline
· Minimum of 5 years of practical experience in IT Security Operations, Network infrastructure in a corporate environment with large-scale transaction websites and complex IT infrastructures and operations
· Cybersecurity certifications such as GCIH, GSOC, CISSP, CISA, CISM, OSCP, MITRE ATT&CK Defender etc. would be desirable
· Experience in Threat and Vulnerability Management
· Technical background, particularly in web application development, infrastructure & networking
· Able to manage the execution of action plans for ensuring the safety and security of all information system assets
· Excellent interpersonal
· Must demonstrate effective oral and written communication skills, with the ability to communicate technical topics to management and non-technical audiences
· Must possess analytical, problem solving and documentation skillsExpertise in security testing, threat and vulnerability management tools and techniques, particularly around vulnerability scanning, patch management and penetration testing
· In-depth experience in secure coding practices, source code review, and Internet threat vectors such as the OWASP top 10
· Deep knowledge of secure networking infrastructure, Firewall, IDS/IPS, WAF, Secure MTA, Load Balancer, Internet Proxy as well as End-Point security
· Working knowledge of security data analytics and incident handling
· Working knowledge in ISO27001/2 or regulatory compliance standard