Assistant IT Security Section Manager
Jaspal Group of CompaniesSecurity Controls
1. Establish reviews, assess, testing in IT InfoSec (Conducting security assessments and penetration tests to identify vulnerabilities in systems, networks, and web applications)
2. Perform regular security testing
3. Provide recommendation to IT & BU
4. Maintain and follow up the findings
Security Architecture
1. Translate security vision to security model (Security architecture design and consulting)
2. Create group architecture of security service
3. Assess impact of cyber threats on Business service
4. Assure all IT service are comply security Policy
Secure Development
Secure development aims to secure customer applications by design to limit further investments caused by development bugs and mistakes
1. Create security baseline
2. Adapt the baseline
3. Create a group virtual team to share practices
4. Automate and integrate security check into development pipeline (DevSecOps)
Security Operation
1. Implement security technologies
2. Standardize/develop security technology stack
3. Provide expertise and consultation
4. Detect and prevent any cyber threat in IT environment
5. Security Operation Center e.g. Blue team and Red team
6. Regular review all user privilege with system owner and team member
2. Experience 7 Years, in Field Background Infrastructure or Dep Sec Op
4. Relevant local and international security standards and best practices such as OWASP
5. NIST
6. ISO 27001
7. Cyber security framework
8. Project management/Skill written and verbal communication and presentation skills
Education Background
- Master/Bachelor’s degree in Computer Science, Computer Engineer, Information Technology or related fields
Experiences : Minimum of 7 years of experiences in Information Security design, consulting and assessment
- Experience with Security architecture design and consulting
- Experience with Security consulting on DevSecOps in advantage
- Experience with Security assessment e.g. penetration tests, source code review, VA scan
- Experience with Security consulting on Cloud environment e.g. AWS or Azure in advantage
- Experience with Security consulting on Security Operation Center e.g. Blue team and Red team is advantage
Knowledge
- Relevant local and international security standards and best practice such as OWASP,NIST,ISO 27001
- Cyber security framework
- Project Management
- Provident Fund
- Staff training and development
- Marriage gift
- 5-day work week
- บริการรถรับส่งพนักงาน
- Social security
- Health insurance
- Accident Insurance
- Annual bonus