Reporting To (position):
Assistant Manager/Manager – ICT Information Security
This role evaluates, integrates, manages, and optimizes next-generation endpoint protection solutions and strategies, performs security assessments, analyses vulnerabilities and threats, and coordinates with Security Operations teams to protect Petrolink networks and assets. It requires deep understanding of network security, risks, threats and prevention measures.
An ideal engineer needs to be proactive, take ownership and work in collaboration with other team members.
Duties & Responsibilities
- Plan, design and build information security controls and support security architectures.
- Develop, document and implement enterprise information security monitoring procedures for on-premise and cloud hosted infrastructure.
- Perform vulnerability testing, risk analyses and security assessments.
- Identify and suggest system and network security requirements.
- Investigate and respond to security incidents and violations.
- Configure and troubleshoot security infrastructure devices.
- Develop technical solutions and new security tools to help mitigate security vulnerabilities.
- Investigate known and suspected information security events, develop related reports and provide leadership to the InfoSec Operations Center team.
- Raise awareness of security policies and develop activities for enforcing information security awareness culture.
- Work with internal customers to interpret, clarify and implement security requirements and any changes in the current security practice.
- Continuously improve the security defence capabilities.
- All other duties as assigned.
Knowledge and Competencies
- 4 – 8 years' experience in the information security domain, with a minimum of 2+ years as a network security engineer supporting a multinational organization.
- Hands-on technical proficiency with ICT Infrastructure devices viz. Firewall, IDS/IPS, DLP, Antivirus, Active Directory and SIEM tools.
- Demonstrated proficiency in network and/or system administration.
- Knowledge of network technologies including, but not limited to, routers, switches and firewalls.
- Knowledge of computer forensic tools, technologies and methods.
- Experience with security scanning tools, specifically with Nessus and Nexpose.
- Incident Management and Forensics experience in analysing security events, logs and RCA.
- Working knowledge of web application firewalls, load balancers and proxies.
- Knowledge and understanding of the Centralized Antivirus System.
- Ability to meet deadlines and adjust to changing priorities to meet business goals.
- Familiarity with threat intelligence and network forensic tools will be an added advantage.
- Understanding of Windows, Linux, Mac operating systems, threats, and vulnerabilities.
- High proficiency in English (written and oral).
- Master’s Degree in Computer Science, or equivalent work experience.
- Security certification such as Security+, CCNA Security, CCNP Security, GIAC, CompTIA, CEH, CHFI or similar (desirable).
The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills.