Security Lead - BDX | Scrabble & Jigsaw
Job Description
Big Data Exchange (BDX) is a leading Pan-Asian hybrid, hyperscale and edge solutions provider with assets located in Hong Kong, Singapore, Guangzhou and Nanjing, and an expanding footprint in SEA regions. Our hybrid ecosystem provides colocation, Enterprise Services, private cloud services, disaster recovery services, and interconnect solutions across cloud service providers, telcos, internet exchanges and major data centers.
We power digital transformations and sustainability as part of our core values to provide mission-critical infrastructure for Enterprise IT workloads. To find out more, please visit www.BDxworld.com

ROLE SUMMARY
The Security Lead will provide security incident response and readiness as part of a 24x7 Security Operations Centre within and in support of the IT Infrastructure and Operations team. Support global vulnerability management processes including OS and infrastructure patching, hardening and testing efforts. Operate security-related tools (HIDS, NIDS, IPS, Analysers, Scanners, etc.) to identify active threats, attacks, vulnerabilities, exposures, etc., and prioritize them for activity within the team. Assist in speedy identification of mitigation/remediation solutions.

DUTIES AND RESPONSIBILITIES
Key Responsibilities:

Security Incident Response:
Provide timely and effective security incident response within a 24x7 SOC environment.
Lead operation teams to effectively maintain the lifecycle of both on-premises and cloud-based security solutions.
Manage response to security and operational incidents, and on-going security requests.
Coordinate and manage security incidents to ensure swift identification, containment, and remediation.
Develop and maintain incident response playbooks and procedures.
Participate in and contribute to industry cyber forums, both formal and informal.
Support all audit and review requests.
Monitor developments in the information security industry and communicate on the potential impact or applicability to the organization.

Vulnerability Management:
Support global vulnerability management processes including operating system (OS) and infrastructure patching, hardening, and testing efforts.
Date:, Version 2.0 Page 2 of 3
Conduct regular vulnerability assessments (VAPT) and prioritize remediation activities.
Collaborate with IT teams to implement and validate security patches and updates.

Security Tools Operation:
Manage the Total Cost of Ownership (TCO) for security solutions, which includes new investments and business-as-usual financials.
Operate and manage various security tools including Host Intrusion Detection Systems (HIDS), Network Intrusion Detection Systems (NIDS), Intrusion Prevention Systems (IPS), analysers, scanners, and more.
Continuously monitor and analyse security tools to identify active threats, attacks, vulnerabilities, and exposures.
Prioritize identified threats and vulnerabilities for remediation activities within the team.

Threat and Vulnerability Identification:
Assist in the identification and evaluation of security threats and vulnerabilities.
Conduct in-depth analysis of security events to determine the root cause and potential impact.
Provide recommendations for mitigation and remediation solutions to address identified security issues.

QUALIFICATION AND EXPERIENCE
Proven track record of managing technical resources to deliver technology lifecycle.
Have relevant information security experience working with or for a global exchange or a global financial firm. Other IT operational experience will also be considered.
Solid knowledge and experience in cloud technologies, and familiar with cloud security architecture, design and operations.
Relevant experience with SecDevOps principles, Security Automation and Orchestration.
Must have relevant experience with industry best-practice approaches to the design, implementation, operation and management of IT systems (e.g. Agile, Waterfall, ITIL, COBIT).
Must have relevant experience with information security (e.g. CISSP, CCSP).
Must have strong knowledge of information security technology and concepts, and be able to communicate effectively with senior management and a broad range of technical/non-technical audiences. Strong written communication skills, experienced with writing board-level papers and verbal presentations to senior management.
Must have a relevant University degree in Computer Science, Information Management, or related field, or equivalent experience.

COMPETENCY AND BEHAVIORAL SKILLS (Use “E” to denote Essential and “D” for Desirable)
E- Bachelor’s degree in computer science, information systems, cyber security or a related field.
E- At least 10 years of relevant experience in cyber security.
E- Knowledge of information technology operation (e.g. cloud, data, system, application and infrastructure, etc.)
E- Knowledge of cyber security assessment (e.g. security audit, vulnerability assessment, penetration testing, etc.)
E- Knowledge of cyber security products (e.g. End-Point Solution (EDR), WAF, DLP, SIEM, SOAR)
E- Knowledge of market best practices and frameworks (e.g. ITIL, ISO, PCI-DSS, NIST, etc.)
E- Certification in cyber security is an advantage (e.g. CISSP, CISM, CISA, ISO Lead Auditor, CEH, etc.)
D- Certification in project management and framework is an advantage (e.g. PMP, CPM, CSM, PRINCE2, CompTIA Project+, etc.)