Information Security Analyst (Public Enterprise)

• Support SP3d Information security work streams such as security analytic through Splunk, secure code review through Fortify, web scanning through Appspider application whitelisting through MS Applocker and SUSE Apparmor, Tufin firewall management, patch management through SUSE manager and MS WSUS, anti-virus for non-production through Trend Micro Deep Security, compliance management through Tripwire and Nexpose
• Perform technical advisory in assigned project area for ensuring identified information security risks are mitigated and controls are implemented.
• Coordinate and conduct IS assurance activities on application software and code review to identify security exposures. Support and advise IT collagues on remediation efforts.
• Coordinate and implement various security solutions and security controls. Support and advise IT colleagues on risk treatments.
• Work with IT teams in adopting secure programming practices throughout the system development lifecycle; and work with application and technology architects to assess the risk and impact to business of existing and future business applications implementations.

• At least 3 years working experience in IT industry
• Good understanding of information security, system audit, and risk management which integrated into application development lifecycle.
• Qualified professional certifications such as CISSP, CISA, CEH, CSSLP or their equivalent.
• Excellent analytical skills and ability to present technical information and statistics to enable management to make sound decisions.
• Knowledge and experience of Windows, Linux, AD, Group Policy, Network, Firewall
• Knowledge of vulnerability scanners, security testing tools and methodologies such as Trend Micro Deep Security, Splunk, Applocker, Tufin, Tripwire and Nexpose would be desirable.
• Knowledge of code review or vulnerability scanning would be an advantage
• Strong communication skill and ability to work in a team.

Classy Wheeler