Sekiranya berminat untuk memohon, sila klik pautan Jobstreet,https://my.jobstreet.com/job/92082490?ref=direct-share-hirer-jobs-list atau e-mel resume ke careers@yayasanpeneraju.com.my

Position: IT Security Engineer
Department/ Unit: Technology/ InfraOps
No of Vacancy: 1
Start Date: Immediately 

Job Summary
This role is responsible for safeguarding Yayasan Peneraju’s IT infrastructure, systems and data against cybersecurity threats, vulnerabilities and breaches. The role requires a proactive approach in implementing and maintaining robust security measures, ensuring compliance with relevant security standards and policies as well as effectively responding to and managing security incidents.

Job Responsibilities
Tasks include but not limited to:

Network & System Security

• Design, implement and maintain security measures, including firewalls, intrusion detection/prevention systems (IDS/IPS) and endpoint protection.
• Monitor network traffic and logs to detect and respond to anomalies or unauthorized activities.
• Manage secure access through VPNs, multi-factor authentication (MFA) and role-based access controls.
• Conduct regular vulnerability assessments and coordinate remediation efforts.

Incident Response & Recovery

• Develop, document and execute incident response plans (IRPs).
• Investigate security incidents, contain breaches and mitigate damage.
• Ensure effective disaster recovery plans (DRPs) are in place for IT systems and conduct regular drills.
• Coordinate with relevant teams to restore affected systems and data.

Policy & Compliance

• Develop and enforce security policies, procedures and standards to align with frameworks such as ISO 27001, NIST or CIS.
• Conduct internal audits to ensure compliance with regulatory requirements.
• Provide regular reporting on the organization’s security posture and metrics.
• Work closely with IT, compliance and business teams to align security with organizational goals.

Security Awareness & Training

• Conduct training sessions to promote cybersecurity best practices among employees.
• Foster a culture of security awareness to reduce human factor vulnerabilities such as phishing.

Threat Monitoring & Analysis

• Stay updated on the latest threats, vulnerabilities and mitigation strategies.
• Perform risk assessments to identify potential weaknesses and prioritize mitigation strategies.
• Develop and maintain risk registers, tracking progress of identified controls.

Technology Evaluation & Integration

• Evaluate emerging security tools and technologies to enhance the organization’s security posture.
• Integrate security solutions into existing IT infrastructure, ensuring minimal disruption.
• Collaborate with DevOps and DataOps teams to ensure security is built into system and application development lifecycles.

Job Requirements

1. Minimum of Bachelor’s degree holder in any related field.
2. Minimum of 3 years or more of relevant working experience.

Specialized Skills

1. In-depth knowledge of cybersecurity principles, tools and technologies (firewalls, SIEM, IDS/IPS, WAF, etc.).
2. Proficiency in network protocols, system hardening and endpoint security.
3. Familiarity with cloud security platforms (AWS, Azure, GCP).
4. Experience with scripting and automation tools (Python, PowerShell).
5. Professional certifications such as CISSP, CEH, CISM, OSCP or CompTIA Security+ are highly preferred.