Security Lead - BDX | Scrabble & Jigsaw
Posted on September 15, 2025
Job Description
Big Data Exchange (BDX) is a leading Pan-Asian hybrid, hyperscale and edge solutions provider with assets
located in Hong Kong, Singapore, Guangzhou and Nanjing, and an expanding footprint in SEA regions.
Our hybrid ecosystem provides colocation, Enterprise Services, private cloud services, disaster recovery
services, and interconnect solutions across cloud service providers, telcos, internet exchanges and major
data centers.
We power digital transformations and sustainability as part of our core values to provide mission-critical
infrastructure for Enterprise IT workloads. To find out more, please visit www.BDxworld.com
ROLE SUMMARY
The Security lead will provide security incident response and readiness as part of a 24x7 Security
Operations Centre within and in support of the IT Infrastructure and Operations team. Support global
vulnerability management processes including OS and infrastructure patching, hardening and testing
efforts. Operate security related tools (HIDS, NIDS, IPS, Analysers, Scanners, etc.) to identify active threats,
attacks, vulnerabilities, exposures, etc., and prioritize for activity within the team. Assist in speedy
identification of mitigation/remediation solutions.
DUTIES AND RESPONSIBILITIES
Key Responsibilities:
Security Incident Response:
Provide timely and effective security incident response within a 24x7 SOC environment.
Lead operation teams to effectively maintain the lifecycle of both on-premises and cloud-based security
solutions.
Manage response to security and operational incidents, and on-going security requests.
Coordinate and manage security incidents to ensure swift identification, containment, and remediation.
Develop and maintain incident response playbooks and procedures.
Participate and contribute to industry cyber forums, both formal and informal.
Support all audit and review requests.
Monitor developments in the information security industry and communicate on the potential impact
or applicability to the organization.
Vulnerability Management:
Support global vulnerability management processes including operating system (OS) and infrastructure
patching, hardening, and testing efforts.
Date:, Version 2.0 Page 2 of 3
Conduct regular vulnerability assessments (VAPT) and prioritize remediation activities.
Collaborate with IT teams to implement and validate security patches and updates.
Security Tools Operation:
Manage the Total Cost of Ownership (TCO) for security solutions which includes new investments and
business-as-usual financials.
Operate and manage various security tools including Host Intrusion Detection Systems (HIDS), Network
Intrusion Detection Systems (NIDS), Intrusion Prevention Systems (IPS), analysers, scanners, and more.
Continuously monitor and analyse security tools to identify active threats, attacks, vulnerabilities, and
exposures.
Prioritize identified threats and vulnerabilities for remediation activities within the team.
Threat and Vulnerability Identification:
Assist in the identification and evaluation of security threats and vulnerabilities.
Conduct in-depth analysis of security events to determine the root cause and potential impact.
Provide recommendations for mitigation and remediation solutions to address identified security
issues.
QUALIFICATION AND EXPERIENCE
Proven track record of managing technical resources to deliver the technology
lifecycle.
Have relevant information security experience working with or for a global
exchange or a global financial firm. Other IT operational experience will also be
considered.
Solid knowledge and experience in cloud technologies, and familiar with cloud
security architecture, design and operations.
Relevant experience with SecDevOps principles, Security Automation and
Orchestration.
Must have relevant experience with industry best-practice approaches to the
design, implementation, operation and management of IT systems (e.g. Agile,
Waterfall, ITIL, COBIT)
Must have relevant experience with information security (e.g. CISSP, CCSP).
Must have strong information security technology knowledge/concept and can
effectively communicate with senior management and a broad range of
technical/non-technical audiences. Strong written communication skills,
experienced with writing board-level papers and verbal presentations to senior
management.
Must have a relevant University degree in Computer Science, Information
Management, or related field, or equivalent experience.
COMPETENCY AND BEHAVIORAL SKILLS (Use “E” to denote Essential and “D” for Desirable)
E- Bachelor’s degree in computer science, information systems, cyber security or a related field.
E- At least 10 years of relevant experience in cyber security
E- Knowledge of information technology operation (e.g. cloud, data, system, application and infrastructure,
etc.)
E- Knowledge of cyber security assessment (e.g. security audit, vulnerability assessment, penetration
testing, etc.)
E- Knowledge of cyber security product (e.g. End-Point Solution (EDR), WAF, DLP, SIEM, SOAR)
E- Knowledge of market best practice and framework (e.g. ITIL, ISO, PCI-DSS, NIST, etc.)
E- Certification in cyber security is an advantage (e.g. CISSP, CISM, CISA, ISO Lead Auditor, CEH, etc.)
D- Certification in project management and framework is an advantage (e.g. PMP, CPM, CSM, PRINCE2,
CompTIA Project+, etc.)
