Talent.com
DevSecOp Engineer

Sime Darby Property Berhad
Petaling Jaya, Selangor, Malaysia
16 days ago
Job description

Requirements

Key Responsibilities

Endpoint, Email & SaaS Protection

Administer Microsoft Defender for Endpoint / Identity / Office / Cloud Apps; maintain Trend Micro Cloud App Security (where applicable).

  • Design, deploy, and maintain AV / EPP / EDR and XDR policies (real-time / tamper protection, ASR, ransomware protections).
  • Maintain sensor health & coverage; drive remediation for unhealthy / missing agents via Intune / SCCM.

Administer anti-phishing, Safe Links / Attachments, and BEC / impersonation protections tuned for SDP business flows (e.g., tenders, vendor onboarding).

Data Protection

Operate endpoint / M365 DLP (policies, labels, monitoring).

Enforce device encryption (BitLocker), device / USB control, and application control with governed exceptions.

Vulnerability & Patch Operations

Run authenticated scanning across endpoints, servers, and site devices; prioritize via asset criticality and exposure scores (e.g., Secure Score / Defender Exposure Score).

Coordinate remediation SLAs with owners; track through ITSM and verify closure.

Investigations & Digital Forensics

Lead investigations into malware outbreaks, suspicious XDR activity, email / BEC attempts, DLP events, account compromise, policy breaches, and third-party incidents impacting SDP.

Work hand-in-hand with the SOC for containment / eradication, evidence handling, RCA, and post-incident improvements.

Network Security & Access Controls

Operate NAC (802.1X, guest / corporate segmentation); close gaps allowing unmanaged / personal devices.

Partner with IAM / PAM to enforce least privilege, Conditional Access, and compliant-device requirements.

VAPT Program Management

Plan, coordinate, and execute SDP's risk-based VAPT program across internet-facing portals, core business applications (e.g., IFCA), cloud (Azure / M365), network / security controls (NAC / SD-WAN), and selected site / IoT footprints—driving timely remediation and measurable risk reduction.

  • Manage vendor testing, log findings in ITSM, and drive retests to closure.

Scope of Technology coverage

  • Endpoint protection: Microsoft Defender for Endpoint (EPP / EDR), Trend Micro (Apex One / Cloud App Security).
  • Email & SaaS security: M365 Defender for Office 365; Trend Micro CAS (if applicable).
  • Data protection: M365 DLP / labels, BitLocker, device / USB control, WDAC / AppLocker.
  • Vulnerability & posture: Tenable / Nessus (or equivalent), Secure Score / Defender Exposure Score, Intune / SCCM compliance.
  • Privileged Access: Establish and operate a least-privilege, just-in-time (JIT) model for privileged identities (cloud, on-prem, applications, databases, network, site / IoT).
  • Network adjuncts: NAC integrations (802.1X posture, unmanaged device quarantine), secure web access / SWG (where applicable).
  • Management & plumbing: Intune / SCCM / GPO, Freshdesk ITSM, Sentinel playbooks, license portals.

Minimum Qualifications

  • Bachelor's in Cybersecurity / IT or equivalent experience.
  • 2 – 5 years in SOC / IR, XDR / SIEM operations, EDR, email security, and network security (NAC / SD-WAN familiarity preferred).
  • Hands-on with Microsoft Sentinel & Defender suite, Azure Cloud, and M365 security.

Certificates (nice to have)

  • Microsoft SC-200 / SC-300 / SC-400, AZ-500
  • CompTIA Security+, CySA+, PenTest+
  • GIAC (GCIA, GCED, GCIH) or equivalent