Security and Vulnerability Engineer

Job Description

Security and Vulnerability Engineer (12 month fixed-term contract)

PURPOSE OF THE ROLE

The role of Security/Vulnerability Engineer is to deliver additional technical and administrative support to the Asia Pacific teams and enable them to implement and comply with the new WarnerMedia security policies.
The candidate must be a strong team player, possess a keen eye for detail, be able to work to tight deadlines and possess the ability to prioritise and coordinate. They should also have a high level of computer literacy and understanding of the current security landscape.

AREAS OF RESPONSIBILITY

MAJOR ACTIVITIES
• Provide expertise in vulnerability management processes and network vulnerability scanning to reduce potential impact on business
• Configure network scans, schedule network scans to run with bandwidth use in mind, and ensure accurate vulnerability assessment
• Monitor all aggregated security vulnerability data to provide opinion on the security posture of the estate
• Facilitate approval of business operation change requests and administration / policy configuration of all Infrastructure tool sets
• Review and manage Security Events or policies, investigating incidents and managing them through the life cycle up to remediation/resolution and lesson learnt phase
• Helping develop/modify the current security/vulnerabilities support service model, identify actions and work plan according to the security gap remediation program
• Coordinate security and patching works among infrastructure teams in the APAC region and consolidate monthly report to keep track of progress
• Work alongside Cybersecurity SMEs to interpret metrics, enable their collection and visualisation
• Analysing scan report results, drawing up conclusions and gaining agreement with teams and carry out remediate actions according to deadlines
• Documenting the as-is and to-be processes and procedures and prepare to file exceptions on case by case basis according to the guidelines
• Monitoring and reporting progress of agreed work packages, socialising any concerns or gaps that will impact ability to deliver

AREAS OF ACCOUNTABILITY

Selection Criteria
• Solid experience on Infrastructure Security/Vulnerability management role in corporate environments
• Experience to use security tools and comprehend vulnerabilities reports e.g. Qualys, Tenable, BringQA, Sentential One, Alertlogic
• Preferably experience in media industry across media supply chain operational environments
• Excellent IT skills (Windows and Linux) and preferably exposure to scripting (e.g. Ansible, Python)
• Experience with collaboration solutions such as SharePoint, Microsoft Teams, Slack, OneDrive, DropBox … etc.
• Experience of defining/enforcing security remediation operational arrangements e.g. change process, support matrix and workflow
• Presenting recommendations to different stakeholders and gaining sign-off by addressing queries from different stakeholders
• Critical thinker and ability to work well under pressure with tight deadline
• Good verbal and written communication skills, with ability to communicate technical concepts to non-technical audiences

COMPETNCY ASSESSMENTS

Planning & Organising
• Able to juggle priorities and can concentrate on several areas of work at one time.
• Collaborative working & Managing Relationships
• Recognises the importance of sharing and disseminating information to others in the team.
• Takes care and time to maintain and develop existing relationships.
• Is aware of, and shows understanding and respect for, other people's needs and actions. Values individual differences. Actively provides opportunities for others to participate in group situations. Has an ability to establish rapport quickly and effectively with new clients / people.
• Resilience
• High levels of self-motivation, with the ability to work on own initiative.
• Demonstrates an approach to work that is characterised by commitment, motivation and enthusiasm. Maintains personal effectiveness by managing own emotions in the face of pressure, setbacks or when dealing with provocative situations.
• Flexibility and adaptability
• A willingness to be flexible in meeting the challenge of working across a diverse range of delivery teams.
• To manage uncertainty and adapt the system to meet changing operational requirements where required.
• Communication
• Makes communication timely and regular. Checks for understanding.

Jobcode: Reference SBJ-ro3xj4-18-217-182-45-42 in your application.