Talent.com
This job offer is not available in your country.
Senior Analyst, IT Security

Senior Analyst, IT Security

Prudential plcKuala Lumpur
17 days ago
Job description

Prudential's purpose is to help people get the most out of life. We will deliver our purpose by creating a culture in which diversity is celebrated and inclusion assured, for our colleagues, customers, and partners. We provide a platform for our people to do their best work and make an impact to the business, and in exchange, we support our people's career ambitions. We pledge to make Prudential a place where you can Connect, Grow and Succeed.

Role Purpose :

The Senior Engineer - Application Security is expected to manage day to day operations around security tooling management, handling of operational tickets and performing

triaging of vulnerabilities and incidents. This role is expected to be hands-on with occasionally after office hours / weekend support on migration activities and handling of incidents.

Job Responsibilities :

The incumbent is expected to stay abreast on latest development on DevSecOps tools, techniques, and procedures, as well as having technical “know-how” on various attacker techniques and provide feedback for improvements to tools and processes as needed.

The incumbent will need to have an eye for detail in identifying security vulnerabilities / gaps and propose appropriate / relevant compensating controls.

The incumbent is to ensure security tooling are well maintained and managed in ensuring the effectiveness of tools. This include ensuring tools are maintain with updates, patches, upgrades, and other associated activities. The incumbent also required to maintain and establish good rapport with various tooling vendors, with regards to raising technical incidents and management of these incidents to resolution.

The incumbent need to ensure all application security related process and procedures are efficient and compliant with standards. In addition, the incumbent need to ensure that all application security associated reports and metrics accurately document the details of vulnerabilities, their potential impact, and suggested remediation needed to manage risk.

The incumbent is also required to spearhead application security initiatives, through collaboration with internal and external stakeholders (including third party solution provider).

Key Responsibilities :

  • Manage application security specific tooling as per corporate standard with vendor recommendations.
  • Develops scripts, integration code to ensure the DevSecOps tools work together and provide value to development teams
  • Analyzes application security tool scan results and advises Development teams to strategically resolve identified issues, as part of triaging handling activities.
  • Performs manual and static and dynamic application security testing with automated tools and manual techniques
  • Communicates information, suggestions, and / or problems regarding project status and critical findings to stakeholders.
  • Identifies, develops, and documents in detail security issues and recommendations.
  • Coordinates with other functional groups involved in Information Security, Risk, Security Architecture and Software Development teams.
  • Assists with Proof of Concept (PoC), technical evaluation, procuring, managing, and configuring Application Security tools in various environments
  • Performs research of emerging technologies and design frameworks and capabilities required to guide development teams of new technologies adopted by the company
  • Requires comprehensive knowledge and mastery in assigned areas applying skills and competencies in challenging and complex situations.
  • Creates or maintains necessary DevSecOps processes and documentation
  • Provides ad hoc reports as directed by leadership.
  • Maintains confidentiality on all sensitive security matters.
  • Support Application Security leadership team with alignment to overall team and function objectives.
  • Considering business requirements and associated risk during triaging of application security findings.
  • A good team player in managing internal and external stakeholders in resolving issues and aligning to objectives.
  • Exhibit proactiveness in identifying, highlighting, and remediating gaps and issues.
  • Participate in POV / POC of selected security solutions and provide insights on suitability.
  • Provide insights and opinions on selection of solutions.
  • Accountable in ensuring assigned tasks / projects / assignments are delivered as planned.
  • Participate in department workshop planning for new IT security initiatives and projects.
  • Assist to source for quote and review BOM (Bill of Material) during solution selection.

Job Requirements :

  • Bachelor’s degree or equivalent work experience.
  • More than 5 years of working experience in handling application security in large organization.
  • OSCP Preferred.
  • Additional relevant industry certification(s) preferred such as CISSP, CISM, etc.
  • Familiar with rolling out and managing DevSecOps program and related tools & processes
  • Extensive operational experience in managing and maintaining two DevSecOps domains (minimum) : Static Application
  • Security Testing (SAST), Dynamic Application Security Testing / Runtime (DAST), Container Security (CSec), Software
  • Composition Analysis (SCA), API Security Opensource Security Scanning (OSS) and mobile security.
  • Have deep knowledge on OWASP Top 10 and associated process / standard.
  • Have deep knowledge on application specific vulnerabilities such as CSRF, XSS, Injection attacks, etc.
  • Have operational experience in performing triaging of identified application security findings / vulnerabilities, etc.
  • Experience in creating proof-of-concepts to exhibit gravity of Application Security vulnerabilities to development teams
  • Experience in working with BugBounty program would be advantageous
  • Experience with information security control practices and frameworks is strongly preferred.
  • Experience in multiple development languages would be advantageous
  • Extensive understanding of cryptographic concepts and applied cryptography
  • Proficiency in one or more scripting language (Perl, Python, Shell Scripting etc.)
  • Excellent written and verbal communication skills (in English)
  • Excellent applied critical thinking and troubleshooting skills.
  • Requires comprehensive knowledge and mastery in assigned areas applying skills and competencies in challenging and
  • complex situations.
  • Ability to work independently with minimum supervision and collaborate in a team environment.
    • Create a job alert for this search

    Security Analyst • Kuala Lumpur

    Related jobs
    Finance Analyst / Senior Finance Analyst

    Finance Analyst / Senior Finance Analyst

    Informa PLCWP Kuala Lumpur , MY
    The Finance Analyst / Senior Finance Analyst will work together with the ASEAN Finance Team and Asia Shared Service Centre (SSC) to support the business by managing the day-to-day finance operation...Show moreLast updated: 30+ days ago
    IT Business Analyst (REF07)

    IT Business Analyst (REF07)

    EPS ConsultantsKuala Lumpur, Federal Territory of Kuala Lumpur, MY
    Quick Apply
    Collaborate in various phases of new IT software and product development projects for the eldercare sector, including requirement gathering, research, feasibility analysis, functional design, testi...Show moreLast updated: 28 days ago
    Senior Business Analyst

    Senior Business Analyst

    HSBCKuala Lumpur, Malaisie
    Some careers have more impact than others.If you’re looking for a career where you can make a real impression, join HSBC and discover how valued you’ll be. HSBC is one of the largest banking and fin...Show moreLast updated: 11 days ago
    Senior Business Analyst

    Senior Business Analyst

    EndavaKuala Lumpur
    You will be challenged to work alongside passionate individuals, who always strive to continuously improve and who share the same vision on what "done" work signifies. You will be a member of a team...Show moreLast updated: 30+ days ago
    IT Analyst, Senior Associate - EY Global Tax E-invoicing

    IT Analyst, Senior Associate - EY Global Tax E-invoicing

    EYKuala Lumpur, Federal Territory of Kuala Lumpur, MY
    With the continuing and rapid development of tax technology solutions, it is necessary to enhance our operational models to achieve success in the future. In supporting our service offerings on Mala...Show moreLast updated: 30+ days ago
    System Analyst (Retail IT Developer)

    System Analyst (Retail IT Developer)

    Petron MalaysiaKuala Lumpur, Federal Territory of Kuala Lumpur, MY
    Quick Apply
    Petron Malaysia is an emerging and rapidly evolving Asian oil company.It is part of Petron Corporation which is the leading oil company in the Philippines. Our integrated refining, distribution, and...Show moreLast updated: 30+ days ago
    IT Access Provisioning Analyst

    IT Access Provisioning Analyst

    AdeccoFederal Territory of Kuala Lumpur, Kuala Lumpur, MY
    Main Task and Responsibilities : .Work with IT Operations Manager to ensure they provide the best possible customer service. Responsible for the end-to-end delivery of security requests for the busine...Show moreLast updated: 30+ days ago
    IT Specialist, Network and Security (MY)

    IT Specialist, Network and Security (MY)

    QCPKuala Lumpur, Federal Territory of Kuala Lumpur, MY
    Quick Apply
    QCP is Asia's leading digital asset partner, empowering clients to seamlessly integrate digital assets into their portfolios. We offer a comprehensive range of solutions - from spot on / off ramping a...Show moreLast updated: 30+ days ago
    IT Business System Analyst

    IT Business System Analyst

    Vista Kencana Sdn BhdKuala Lumpur, Kuala Lumpur, Malaysia
    Bachelor's Degree : In Business Administration, Information Technology, Computer Science, or a related field.Advanced Degree (Optional) : MBA or a Master's in Information Systems is preferred for sen...Show moreLast updated: 16 days ago
    Senior Risk Analyst

    Senior Risk Analyst

    LalamoveKuala Lumpur
    Lalamove is disrupting the logistics industry by connecting customers and drivers directly through our technology.We offer customers a lightning fast and convenient way to book delivery and moving ...Show moreLast updated: 6 days ago
    Senior Security Technical Lead

    Senior Security Technical Lead

    5130 Kyndryl Malaysia Sdn. Bhd.Kuala Lumpur
    At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward – always pushing ...Show moreLast updated: 10 days ago
    IT Administrator (Cyber Security) (m / f / d)

    IT Administrator (Cyber Security) (m / f / d)

    Mühlbauer GroupKuala Lumpur
    We are looking to strengthen our team at our site in.IT Administrator (Cyber Security) (m / f / d).VMware), Windows Server, and Linux OS. As part of an interdisciplinary support team, you will work alon...Show moreLast updated: 16 days ago
    (Senior) Security Engineer, Security Engineering & Threat Intelligence

    (Senior) Security Engineer, Security Engineering & Threat Intelligence

    Crypto.comKuala Lumpur, Other / Non-US, Malaysia,
    Quick Apply
    We are looking for an intermediate level security engineer to join our Global Cybersecurity Services Team.As part of our modern cybersecurity operating model, the role will be engaged in enhancing ...Show moreLast updated: 5 days ago
    Analyst, IT Helpdesk

    Analyst, IT Helpdesk

    AverisKuala Lumpur
    Here at Averis, our common purpose is to improve lives by developing resources sustainably.Our people are crucial in helping us to realise our vision to be one of the best Global Business Solution ...Show moreLast updated: 6 days ago
    Cyber Security Metrics and Behavioural Analyst

    Cyber Security Metrics and Behavioural Analyst

    dentsuKuala Lumpur
    Dentsu is a global leader in integrated growth and transformation, driving sustainable solutions and innovation for some of the world's most influential brands. Founded in 1901, dentsu operates in a...Show moreLast updated: 17 days ago
    Security Analyst L2

    Security Analyst L2

    LogicalisKuala Lumpur
    As Architects of Change, Logicalis' focus is to design, support and execute clients' digital transformation by uniting their vision with their technology expertise and industry insights.The company...Show moreLast updated: 30+ days ago
    Senior IT Infrastructure Engineer

    Senior IT Infrastructure Engineer

    EPSKuala Lumpur
    Infrastructure Design and Implementation : Designing, implementing, and maintaining complex technology infrastructure, including network, server, storage, and cloud environments.System Management an...Show moreLast updated: 6 days ago
    Senior Risk Analyst (Banking)

    Senior Risk Analyst (Banking)

    BTC Recruitment MalaysiaKuala Lumpur
    Open Position : Senior Risk Analyst (Banking).An establish bank is looking to hire Senior Risk Analyst for their office in Kuala Lumpur. Bachelor’s degree in Computer Science / Statistic / Information Te...Show moreLast updated: 17 days ago