Position Description

Information Security Engineer
Primary Location Singapore
Possible Hiring Locations Singapore
Department 0946 - Network Engineering & Security
Apply Now

Position Job Duty:

To improve application, system, and network security visibility and validation, responding to events as necessary within required timeframes.

Position Summary:

This is an operational role that requires hands-on experience. Information Security Engineers may be called on to engage in a team effort together with other E&IT departments and non-IT business units. The duties require the consistent exercise of judgment and discretion, ability to work with limited supervision regarding technical issues and the ability to collaborate in technical efforts of a team to meet security project goals.

Required Knowledge, Skills, and Abilities (KSAs):

  • Working on problems involving enterprise security risks with minimal supervision.
  • Perform as a Subject Matter Expert in the realm of Information Security with cross-functional teams in the organization.
  • Document, and assist in providing security advisories for staff
  • Co-authoring information security policies and defining procedures to implement industry best practices.
  • Participating in projects to identify security issues proactively through analysis of network traffic, software and hardware testing, log review and consultation with users.
  • Conduct or collaborate on forensic examinations of digital records, logs, and other data.
  • Working with various corporate security systems
  • Work with IT End User Support staff in analyzing security-related events to assist with escalation decisions.
  • Participate in or coordinate security monitoring and incident response for ICANN systems.
  • Coordinate with vendors and external security teams to address security issues for external IT services and systems.
  • Evaluate the impact to the organization of current security advisories, publications, and trends.
  • Apply automation to simplify routine tasks.
  • Perform security reviews and provide insights throughout all phases of software development.
  • Proficiency in developing clear, concise and easy to follow documentation for security operations related procedures.
  • Scripting/programming skills such as shell scripting, Python, Perl.
  • Systems operation and administration experience with Linux, Windows Server, VMware and/or container
  • Incident Response
    • Respond to security events on a 24/7 basis if necessary
    • Collect, analyze and archive electronic and written records, digital media, notes, and other evidence
    • Identify ways ICANN can learn from security events and avoid repeat events
  • Subject Matter Expertise in at least 2 of the following areas, with the capability to acquire expertise in all:
    • Identity Management
      • Authentication and Authorization
      • User Behaviour Analytics
    • Data Security
      • OS Security Hardening (Windows, Linux, MacOS, iOS)
      • Knowledge (or the capacity to quickly gain knowledge) of encryption theory and practice (e.g. TLS, HMAC, RSA, AES, PKI)
    • Network Security Monitoring
      • Log Management (SEIM)
      • IDS/IPS
      • Packet Capture Dissection
    • Web Application Security
      • Attack Techniques
      • Secure Coding Practices
      • Common Vulnerabilities and Mitigation
    • Vulnerability Detection and Management
      • Manual Attack / Defense Techniques
      • Automated Scanning
      • Passive Network Detection
    • Threat Modeling and Security Controls
      • DREAD
      • STRIDE
      • NIST CSF
    • Data Security/Privacy Practices
      • Anonymization methods
      • Tokenization methods
      • Masking methods
  • Other duties as assigned or requested
  • Able to travel internationally if requested

 

Desired Education and Experience Requirements

  • Bachelor's degree in Computer Science or IT or equivalent training and experience in Computer Science, Information Technology, with 3 - 5 years of related experience.
  • Professional certifications in Information Security, such as SANS GIAC certs or similar.
  • 3 - 5 years of overall IT operational experience including, ideally, at least two years of security-related projects.
  • Strong written and verbal communication skills in English.

 

 

Back Apply Now