- InfoSec
- ISO 27001/2, SANS top 20 and NIST 800-53
- CoBIT, ISO, NIST, ITIL, PCI
Our Client is a licensed crypto investment platform, which offers a wide range of crypto-based financial services. The company believes that Blockchain and Cryptocurrency technologies will form a big part of the future of Finance in Indonesia.
Job Description:
- Automate security testing and auditing to prevent regressions and catch issues before they reach production
- Codify traditional security processes to take humans out of the equation making security consumable as a service
- Provide security expertise on system, network, encryption, authentication, and governance
- Provides hands on supports to the product engineering, service delivery and operation teams, incident response team, and architecture development team, including monitoring and capacity planning
- Acts as the senior technical representative for Enterprise Security while engaging with other senior technical leaders throughout organization in design and implementation of cloud and cloud/hybrid based implementations and solutions
- Drive the security standards and tool strategies for public and private cloud solutions
- Conduct technology assessments to establish and validate an enterprise security baseline and establish a technical direction
- Set technical standards for Cloud infrastructure, containers, security baselines, policies and procedures
- Develop and implement security controls for the Cloud infrastructure providers
- Analyze security configurations and provide vulnerability reports
- Experience with cloud services, know the pitfalls and potential security problems with traditional cloud deployments
- Participate on automation of incident prioritization, false positives identification, correlation, vulnerability remediation
- Bachelor’s degree in Computer Science, Information Systems, or equivalent education or work experience
- 5+ years of prior relevant experience
- Experience in risk, compliance and information security policy development.
- Knowledge of IT processes and controls and strong understanding of risk and control frameworks such as (CoBIT, ISO, NIST, ITIL, PCI).
- Knowledge of information security regulatory requirements and standards such as ISO 27001/2, SANS top 20 and NIST 800-53.
- Possess advanced certifications such as SANS GIAC/GCIA/GCIH, CISSP or CASP and/or SIEM-specific training and certification
- Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.
- Hands-on experience analyzing high volumes of logs, network data (e.g. Netflow, FPC), and other attack artifacts in support of incident investigations
- Experience with vulnerability scanning solutions
- Familiarity with the DOD Information Assurance Vulnerability Management program.
- Proficiency with any of the following: Anti-Virus, HIPS, ID/PS, Full Packet Capture, Host-Based Forensics, Network Forensics, and RSA Security
- In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform (e.g. Nitro/McAfee Enterprise Security Manager, ArcSight, QRadar, LogLogic, Splunk)
- Understanding of mobile technology and OS (i.e. Android, iOS, Windows), VMware technology, and Unix and basic Unix commands
WeNetwork