Job Description

Hiring Immediately -

"IT Security Engineer"

with

offensive and defensive security expertise to safeguard systems.

Provide critical support for compliance initiatives, particularly those related to cloud-specific frameworks and regulations.

Minimum of 5 years experience in a related IT security role, with a significant portion focused on cloud security.

Open to Malaysian nationalities only

Employment Type : Full Time

Work on-call rotation / occasional evening and weekend

Willing to travel for training or team meetings.

Key Responsibilities:

Offensive Security Operations:

Conduct dynamic application security testing (DAST) utilizing tools such as Rapid7 InsightAppSec to identify and address vulnerabilities in our applications. Provide essential support for Static Code Analysis Tools (SAST) to integrate security early into the software development lifecycle. Continuously optimize and refine existing security tools, with a strong emphasis on leveraging and implementing native cloud security controls, including advanced features within Rapid7 InsightCloudSec.

Defensive Security Operations:

Participate in all phases of incident response, from detection and analysis to containment, eradication, and post-incident review. Manage and prioritize vulnerabilities across infrastructure using tools like Rapid7 InsightVM, ensuring timely remediation. Oversee and maintain endpoint protection solutions (e.g., Microsoft Defender, Trend Micro) to defend against sophisticated threats. Efficiently triage and respond to security alerts generated by our Security Information and Event Management (SIEM) system, Rapid7 InsightIDR. Proactively monitor and manage cloud Identity and Access Management (IAM) configurations to enforce least privilege and prevent unauthorized access.

Desired Skills & Experience:

Cloud Security Expertise:

Demonstrated strong expertise in cloud security principles and best practices across major cloud providers, including Amazon Web Services (AWS), Microsoft 365, and Azure. In-depth knowledge of native cloud security controls, Cloud Security Posture Management (CSPM), Infrastructure as Code (IaC) security, cloud-aware SIEM solutions, and robust cloud identity management strategies. Hands-on experience with leading security tools such as Rapid7 InsightVM, InsightIDR, and InsightCloudSec.. A deep understanding and practical application of industry security best practices, including NIST frameworks, OWASP Top 10, Microsoft Security Development Lifecycle (SDLC), and CIS benchmarks. Able to provide training and guidance to team members on cloud security best practices and emerging threats.
Job Type: Permanent

Pay: RM12,000.00 - RM14,000.00 per month

Application Question(s):

Do you have strong expertise in cloud security principles across cloud providers that includes Amazon web services (AWS), Microsoft 365 & Azure ? Pl mention In depth knowledge of native cloud security controls ? Do you have in depth knowledge on Cloud Security Posture Management ( CSPM)? Do you have in depth knowledge on Infrastructure as Code (IaC)? Do you have in depth knowledge on Cloud -Aware SIEM solutions ? Do you have in depth knowledge on Infrastructure as Code ? Do you have in depth knowledge on Cloud- aware SIEM solutions? Do you have in depth knowledge on robust cloud identity management strategies ? * Do you have prior experience to manage Cloud Identity and Access Management (IAM )?