職位描述
ISO27001CISPCISSPCISA
You will:
· Perform threat assessment and patch management advisory operations via analysis of open and commercial security intelligence feeds, and ensure business and IT patch management teams comply with defined Service Level Agreements (SLAs) for security patch deployment
· Work with IT infrastructure, network operations teams and other IT stakeholders to review and assess new setups, changes, and upgrades to the organisation’s network infrastructure and network components to ensure any move and change will not introduce security risks to the organisation
· Perform vulnerability scanning across the Club’s technology landscape work with key stakeholders to identify, govern and mitigate identified vulnerabilities
· Work with assigned Project Manager to drive small- to mid-size IS initiatives to evaluate, acquire and deploy new IS technologies and capabilities, and ensure initiatives get completed on time and within budget
· Work closely with business and IT stakeholders to schedule and perform system and network vulnerability scanning, classify and prioritise risks, and guide relevant stakeholders to ensure that systems and services that are either developed in-house or acquired commercially are secured against known attack vectors and prevalent threats
· Conduct the web scanning and automated code testing of in-house applications, and guide developers and IT colleagues on coding best practices and mitigations prior to production release to ensure that systems are resistant to known attack vectors, e.g. OWASP Top 10, when deployed
· Support the closure of key cyber security threats and vulnerabilities (e.g. zero-day vulnerabilities or during the Project Development Lifecycle)
· Support the reviews and updates of applicable cyber defence policies, regulations, and compliance documents specifically related to Threat Vulnerability Management and Security Testing
· Undertake other duties assigned by Cyber Security Management. Confidential
· Participate, contribute and help shape a diverse and inclusive culture with trust and respect. Play an active role to support cross-team/division/department efforts and model collaborative behaviours
You should have:
· University Degree in computer science, engineering or related discipline
· Minimum of 5 years of practical experience in IT Security Operations, Network infrastructure in a corporate environment with large-scale transaction websites and complex IT infrastructures and operations
· Cybersecurity certifications such as GCIH, GSOC, CISSP, CISA, CISM, OSCP, MITRE ATT&CK Defender etc. would be desirable
· Experience in Threat and Vulnerability Management
· Technical background, particularly in web application development, infrastructure & networking
· Able to manage the execution of action plans for ensuring the safety and security of all information system assets
· Excellent interpersonal
· Must demonstrate effective oral and written communication skills, with the ability to communicate technical topics to management and non-technical audiences
· Must possess analytical, problem solving and documentation skillsExpertise in security testing, threat and vulnerability management tools and techniques, particularly around vulnerability scanning, patch management and penetration testing
· In-depth experience in secure coding practices, source code review, and Internet threat vectors such as the OWASP top 10
· Deep knowledge of secure networking infrastructure, Firewall, IDS/IPS, WAF, Secure MTA, Load Balancer, Internet Proxy as well as End-Point security
· Working knowledge of security data analytics and incident handling
· Working knowledge in ISO27001/2 or regulatory compliance standard
· Perform threat assessment and patch management advisory operations via analysis of open and commercial security intelligence feeds, and ensure business and IT patch management teams comply with defined Service Level Agreements (SLAs) for security patch deployment
· Work with IT infrastructure, network operations teams and other IT stakeholders to review and assess new setups, changes, and upgrades to the organisation’s network infrastructure and network components to ensure any move and change will not introduce security risks to the organisation
· Perform vulnerability scanning across the Club’s technology landscape work with key stakeholders to identify, govern and mitigate identified vulnerabilities
· Work with assigned Project Manager to drive small- to mid-size IS initiatives to evaluate, acquire and deploy new IS technologies and capabilities, and ensure initiatives get completed on time and within budget
· Work closely with business and IT stakeholders to schedule and perform system and network vulnerability scanning, classify and prioritise risks, and guide relevant stakeholders to ensure that systems and services that are either developed in-house or acquired commercially are secured against known attack vectors and prevalent threats
· Conduct the web scanning and automated code testing of in-house applications, and guide developers and IT colleagues on coding best practices and mitigations prior to production release to ensure that systems are resistant to known attack vectors, e.g. OWASP Top 10, when deployed
· Support the closure of key cyber security threats and vulnerabilities (e.g. zero-day vulnerabilities or during the Project Development Lifecycle)
· Support the reviews and updates of applicable cyber defence policies, regulations, and compliance documents specifically related to Threat Vulnerability Management and Security Testing
· Undertake other duties assigned by Cyber Security Management. Confidential
· Participate, contribute and help shape a diverse and inclusive culture with trust and respect. Play an active role to support cross-team/division/department efforts and model collaborative behaviours
You should have:
· University Degree in computer science, engineering or related discipline
· Minimum of 5 years of practical experience in IT Security Operations, Network infrastructure in a corporate environment with large-scale transaction websites and complex IT infrastructures and operations
· Cybersecurity certifications such as GCIH, GSOC, CISSP, CISA, CISM, OSCP, MITRE ATT&CK Defender etc. would be desirable
· Experience in Threat and Vulnerability Management
· Technical background, particularly in web application development, infrastructure & networking
· Able to manage the execution of action plans for ensuring the safety and security of all information system assets
· Excellent interpersonal
· Must demonstrate effective oral and written communication skills, with the ability to communicate technical topics to management and non-technical audiences
· Must possess analytical, problem solving and documentation skillsExpertise in security testing, threat and vulnerability management tools and techniques, particularly around vulnerability scanning, patch management and penetration testing
· In-depth experience in secure coding practices, source code review, and Internet threat vectors such as the OWASP top 10
· Deep knowledge of secure networking infrastructure, Firewall, IDS/IPS, WAF, Secure MTA, Load Balancer, Internet Proxy as well as End-Point security
· Working knowledge of security data analytics and incident handling
· Working knowledge in ISO27001/2 or regulatory compliance standard
工作地點
深圳市-南山區(qū)-科技園南區(qū)粵興四道1號2層
相似職位
- 信息安全工程師1.2萬-1.6萬
深圳 - 南山
拓保軟件
- 網(wǎng)絡(luò)安全售前工程師1萬-1.6萬
深圳 - 寶安
中和易茂科技服務(wù)(北京)有限公司 深圳 - 龍華
富聯(lián)精密電子(鄭州)有限公司- 信息安全工程師1.3萬-2.1萬
深圳 - 羅湖
上海欽誠信息科技有限公司 - Q安全服務(wù)-深圳1萬-1.3萬
深圳 - 羅湖
豐沃創(chuàng)新(北京)科技有限公司 - 等保測評工程師 (MJ008209)1.2萬-2萬
深圳 - 寶安
華測檢測認證集團股份有限公司
熱門公司推薦
- 霸王茶姬招聘
- 肯德基招聘
- 順豐招聘
- 美團招聘
- 京東招聘
- 餓了么招聘
- 比亞迪招聘
- 中國一汽招聘
- 北京汽車招聘
- 蔚來招聘
- 東風(fēng)汽車招聘
- 長城汽車招聘
- 奇瑞汽車招聘
- 理想汽車招聘
- 長鑫存儲招聘
- 天江藥業(yè)招聘
- 藍月亮招聘
- 安踏招聘
- TCL招聘
- 海信招聘
- 聯(lián)想招聘
- 海康威視招聘
- 寧德時代招聘
- 中興招聘
- 新松招聘
- 京東方招聘
- 申通招聘
- 圓通招聘
- 中通招聘
- 百世物流招聘
- 德邦物流招聘
- 麥當(dāng)勞招聘
- 星巴克招聘
- 海底撈招聘
- 蜜雪冰城招聘
- 瑞幸招聘
- 雀巢招聘
- 騰訊招聘
- 百度招聘
- 快手招聘
- 字節(jié)跳動招聘
- 新華網(wǎng)招聘
- 小米招聘
- 招商銀行招聘
- 中信銀行招聘
- 北京銀行招聘
- 興業(yè)銀行招聘
- 交通銀行招聘
- 建發(fā)集團招聘
- 中國移動招聘
- 中國聯(lián)通招聘
- 中國電信招聘
- 中糧集團招聘
- 國藥控股招聘
- 中廣核招聘
- 中國船舶招聘
- 強生中國招聘
- 匯豐中國招聘
- 宜家招聘
- 立邦中國招聘
- 伊利招聘
- 青島啤酒招聘
- 京港地鐵招聘
- 寶馬招聘
- 小鵬汽車招聘
- 華為招聘
- 特斯拉招聘
- 吉利招聘
- 奔馳招聘
- 海爾招聘
- 美的招聘
- 京東方招聘
- 施耐德電氣招聘
- 德邦物流招聘
職位發(fā)布者
林女士/Recruiter
三日內(nèi)活躍立即溝通
深圳香港馬會技術(shù)開發(fā)有限公司香港賽馬會(以下簡稱“馬會”)成立于1884年,是致力建設(shè)更美好社會的世界級賽馬機構(gòu)。馬會透過其獨特綜合營運模式,創(chuàng)造經(jīng)濟及社會價值,并協(xié)助政府打擊非法博彩。馬會是全港最大的單一納稅機構(gòu),也是香港主要雇主之一,其慈善信托基金位列全球十大慈善捐助機構(gòu)。馬會以誠信合規(guī)著稱,為員工提供長期穩(wěn)健的職業(yè)發(fā)展平臺。跨越130多年的深厚底蘊,將繼續(xù)與香港市民“同心同步同進,共創(chuàng)更好未來”。賽馬及馬場娛樂:馬會持續(xù)提升香港世界級賽馬的質(zhì)素,舉辦娛樂與體育活力兼?zhèn)涞馁愂拢懔钕愀垡詾榘痢T會所:馬會亦是香港最尊貴的會所之一。馬會會籍備受尊崇。會員所擁有的佳駒,均委托馬會全權(quán)負責(zé)訓(xùn)練和醫(yī)療,同時馬會會所也是會員社交,娛樂及投資交流的重要平臺。慈善及社區(qū):我們透過稅款、慈善捐款及主動投入社會服務(wù),致力改善香港市民的生活質(zhì)素。賽事組織和管理:我們專業(yè)經(jīng)驗豐富的賽事管理團隊,承擔(dān)、組織和管理國際賽馬協(xié)會名下的各類國際賽事及奧運會、亞運會等大型賽事之馬術(shù)比賽,在國際賽馬界具有極高的美譽度。宗旨:致力建設(shè)更美好社會的世界級賽馬機構(gòu).核心價值:卓越領(lǐng)導(dǎo)、堅守誠信、持續(xù)進步、服務(wù)社群.貢獻社會:馬會成功地將賽馬運動與慈善事業(yè)融為一體,每年從賽馬所得的盈余,通過香港賽馬會慈善信托基金捐贈服務(wù)于社會,以照顧到民生和社會需要,主要分為康體文化、教育培訓(xùn)、社會服務(wù)及醫(yī)藥衛(wèi)生四方面。2022/23年度,馬會透過稅款及已審批的慈善捐款,貢獻社會共359億港元,創(chuàng)歷年新高。多年來,馬會一直推動與內(nèi)地的緊密聯(lián)系,尤其每當(dāng)發(fā)生天災(zāi)及緊急事故時,更是義不容辭,伸出援手。重點項目包括于2008年四川發(fā)生大地震后,馬會撥捐10億港元支持當(dāng)?shù)刂亟üぷ鳌8诮衲?月,透過中央駐港聯(lián)絡(luò)辦公室,向受嚴重暴雨洪澇影響的京津冀及東北地區(qū)捐出2,000萬港元,以支持當(dāng)?shù)氐木葹?zāi)賑災(zāi)工作。馬會對內(nèi)地馬產(chǎn)業(yè)和馬匹運動的支持,可以說是馬會對國家發(fā)展貢獻最大的范疇,而重點貢獻領(lǐng)域就在大灣區(qū)。馬會發(fā)揮其廣州從化馬場的作用,幫助和推動大灣區(qū)馬產(chǎn)業(yè)的發(fā)展,培養(yǎng)了大批內(nèi)地賽馬的專業(yè)人才。更多信息詳見官方網(wǎng)站:www.hkjc.com“深圳香港馬會技術(shù)開發(fā)有限公司”成立于2012年5月,由馬會全資附屬子公司“香港馬會業(yè)務(wù)創(chuàng)展(中國)有限公司”全資擁有,隸屬于馬會資訊科技部門,為馬會的資訊科技提供應(yīng)用開發(fā)和技術(shù)支持等服務(wù)。我們以最頂尖的資訊技術(shù)和計算機系統(tǒng)來支援多元化的業(yè)務(wù)。深圳香港馬會技術(shù)開發(fā)有限公司所提供的技術(shù)服務(wù)內(nèi)容如下:關(guān)鍵技術(shù)研究、系統(tǒng)平臺和中間件技術(shù)研究與開發(fā)、綜合系統(tǒng)開發(fā)、軟件測試、工程支持、系統(tǒng)集成方案與現(xiàn)場實施。
公司主頁