We are seeking a highly motivated and proactive IT Security Engineer to join our team and play a critical role in enhancing the security posture of our cloud, application, and overall IT infrastructures. Reporting to the VP of IT Security and working in close collaboration with our IT and Engineering teams, this position requires a blend of offensive and defensive security expertise to safeguard our systems.
Key Responsibilities :
Offensive Security Operations :
- Conduct dynamic application security testing (DAST) utilizing tools such as Rapid7 InsightAppSec to identify and address vulnerabilities in our applications.
- Provide essential support for Static Code Analysis Tools (SAST) to integrate security early into the software development lifecycle.
- Continuously optimize and refine existing security tools, with a strong emphasis on leveraging and implementing native cloud security controls, including advanced features within Rapid7 InsightCloudSec.
Defensive Security Operations :
Actively contribute to the reduction of security incidents through proactive measures and swift response.Participate in all phases of incident response, from detection and analysis to containment, eradication, and post-incident review.Manage and prioritize vulnerabilities across our infrastructure using tools like Rapid7 InsightVM, ensuring timely remediation.Oversee and maintain endpoint protection solutions (e.g., Microsoft Defender, Trend Micro) to defend against sophisticated threats.Efficiently triage and respond to security alerts generated by our Security Information and Event Management (SIEM) system, Rapid7 InsightIDR.Proactively monitor and manage cloud Identity and Access Management (IAM) configurations to enforce least privilege and prevent unauthorized access.Perform comprehensive vulnerability remediation activities across various platforms.Research and evaluate security tool upgrades and new technologies to ensure we maintain a cutting-edge defense.Assist in hardening IT systems and applications against potential threats by implementing security best practices and configurations.General Security Administration & Compliance :
Diligently track and report on security risks, ensuring appropriate mitigation strategies are in place.Provide critical support for compliance initiatives, particularly those related to cloud-specific frameworks and regulations.Requirements
A minimum of 5 years of professional experience in a related IT security role, with a significant portion of that experience focused on cloud security.Demonstrated strong expertise in cloud security principles and best practices across major cloud providers, including Amazon Web Services (AWS), Microsoft 365, and Azure.In-depth knowledge of native cloud security controls, Cloud Security Posture Management (CSPM), Infrastructure as Code (IaC) security, cloud-aware SIEM solutions, and robust cloud identity management strategies.Hands-on experience with leading security tools such as Rapid7 InsightVM, InsightIDR, and InsightCloudSec.A deep understanding and practical application of industry security best practices, including NIST frameworks, OWASP Top 10, Microsoft Security Development Lifecycle (SDLC), and CIS benchmarks.This role requires participation in an on-call rotation to address urgent security matters, occasional evening and weekend support as needed, and potential travel for training or team meetings.Must be willing to work on US hours (9pm - 6am)Job Type : Full-time
Pay : RM8, RM12,000.00 per month
Benefits :
Health insuranceOpportunities for promotionParental leaveProfessional developmentVision insuranceApplication Question(s) :
Are you willing to work on US hours (9pm - 6am)? Y / N?Experience :
Cloud Security Protocol : 3 years (Required)Work Location : In person