- Develop the company's compliance with security requirements, policies, laws and regulatory requirements.
- Perform security testing, including but not limited to vulnerability scanning, application and infrastructure penetration testing, security hardening and configuration review, and provide recommendations.
- Work with the IT Solution Centre to determine the right testing scope and subsequent testing prerequisites.
- Implement, maintain and enforce security testing process and standards.
- Manage the security testing vendor to deliver and execute security testing with the right scope and quality, in compliance with policies and standards.
- Certification in a penetration testing discipline, such as SANS-GWAP, PEN 300, OSCP, OSWE, OSCE, CREST CCT.
- Competency in information security frameworks and technologies, such as Network & Application Vulnerability Assessment, IT Risk Assessment, Penetration Testing & Ethical Hacking, OWASP Top 10, NIST, OSSTMM, OSINT, etc.
- Knowledge of security solutions and tools, e.g. Nessus, Nmap, Burp, AppScan, Kali Linux, etc.
- Experience in vendor management.