Principal Security Engineer

Posted 03 November 2022
Salary 150-200K
Job type Permanent
Discipline Technology
Reference 40215
Contact JK Lee

Job description

Our client is the leading digital telco in the region, with operations serving digital consumers in 5 APAC countries, and is still expanding.

As part of the expansion, they are looking for a Security Engineer at the Principal/ Expert level, to bring their cybersecurity competency to the next level.

 

Responsibilities:

  • Responsible for leading and implementing the various initiatives that improve the security posture and proactively mitigate threats.
  • As the Subject Matter Expert, drive security hygiene and best practices throughout the SDLC, including architecture, development and into production
  • Build automation to constantly detect & remediate key security gaps & vulnerabilities across teams and deliverables
  • Overall security organization structure inculcating best practices and hiring for best in class.
  • Work & collaborate with other non-technical stakeholders of the business and leaders to apprise them of risks and threats on an ongoing basis.
  • Discover and patch authentication and authorization flaws, and other web-based security vulnerabilities for OWASP Top 10 and beyond
  • Ensure deep monitoring of information systems for security incidents and vulnerabilities; including ongoing reports on incidents, vulnerabilities, and trends to IT or executive management.
  • Handle both strategy and controls to help deliver across the markets with ongoing governance through tooling & automation, at scale:
    • Data protection. Consistent implementation & adherence.
    • Infrastructure security controls. Adoption and governance.
    • Cloud security and governance framework, continuous compliance at scale through tooling & automation.
    • Ongoing Detective controls
    • Incident response
    • Code quality. Proactively identify and reduce security risks. Find and remove outdated and vulnerable code and code libraries.
  • Communication
    • Consult with other Developers and Product Managers to analyze and propose application security standards, methods, and architectures.
    • Handle communications with independent vulnerability researchers and design appropriate mitigation strategies for reported vulnerabilities.
    • Educate other developers on secure coding best practices.
    • Ability to professionally handle communications with outside researchers, users, and customers.
    • Ability to communicate clearly on technical issues.
  • Write code and build systems that are not only secure but scale to a large number of users and systems
  • Work closely with the Operational teams and provide L3 engineering support, where needed.
  • Develop security training and guidance for internal development teams

Requirements:

  • Degree in computer science, or equivalent
  • More than 12 years of hands-on working experience in the IT security field, preferably with 5 years of relevant Security Engineering leadership
  • Ability to detect, triage and handle security issues independently
  • Strong design and architectural understanding of various highly scalable and highly available products on the cloud
  • Competency in SDLC Activities which include Analysis, Design, Development, Testing, Deployment and Post-Production Support etc.
  • Strong people management skills to lead and build a high-performing team
  • Experience in working with stakeholders driving improvement of security posture with a sense of urgency and ongoing communication.
  • Familiar with security tools; able to assess and integrate tools as needed.
  • Familiar with common security libraries, security controls, and common security flaws that apply to applications.
  • Expertise in common tools and technologies including authentication, browser-based security controls, standard web application security tools, security technologies such as SIEM, Firewall, DLP and hybrid/Cloud Security environments
  • Experience with networking concepts such as Routing, VLANs, VPCs, Route Tables, Subnet management, Network Services etc.
  • Ability to communicate clearly on technical issues.