FreeHire

citicclsa

Analyst, IT Security Engineering, IT

Show

Position Description

We are looking for an IT Security Analyst who is proactive, self-motivate, willing- to-do attitude to be part of an international IT Security team to engineer and support security solutions.

As a team member in IT security team, you will be a contributor to the company’s IT and Cyber security strategy and operations. You and your team will be managing a portfolio of IT security tools in identity access management, network intrusion detection system, endpoint protection, email security, data leakage protection, application security, and other information security controls.

Key Areas of Responsibilities

  • Conduct penetration testing, vulnerability scanning and code review on IT systems including but not limited to: Web, Network, Server, thick client applications, mobile applications, AI applications, Internet of Thing (IOT), to identify potential security risks and provide remediations.

  • Review and perform security assessments on above IT systems’ architecture & design and on Software-As-A-Service (SaaS) such as Microsoft 365 application suite and other SaaS solutions.

  • Cyber-attack simulation and red teaming

  • Assist on Evaluating, Design, planning and implementing IT security solutions such as Web Application Firewall (Akamai, Cloudflare, AWS WAF, Azure WAF), Single Sign On (Microsoft Entra/Okta/Cisco Duo), Zero Trust Solution (Zscaler, Palo Alto Networks, Microsoft Entra Private Access), malware Sandboxing

  • Assist on first and second level support for some of team’s existing security controls and tools, penetration test vulnerability scanning tools and other IT security tools

  • Form an effective working relationship with the team’s key stakeholders - IT Security team members, IT teams and business teams.

  • Be the subject matter expert for some of the IT Security tools.

  • Design and deliver new strategic security initiatives with collaboration from business partners.

  • Keen to learn on new technology evaluation and implementation:
    Public Key Infrastructure (PKI): Root Certificate Authority, Microsoft Cloud PKI, certificate, Microsoft Intune.
    Post Quantum Computing: Quantum Safe Hardware Secure Module(HSM), Key Management System(KMS), next generation IP Sec VPN
    AI Red Teaming

Requirements

  • Bachelor Degree of above in IT, Computer Science

  • 3-5 years related experience in cybersecurity, with knowledge in regulatories

  • Industry Certifications (e.g. OSCP)

  • Good understanding of security principles and technologies

  • Experience on security services - Penetration testing, security risk assessment/technical review, vulnerability scanning and assessment

  • Strong Knowledge and understanding on

    Public Cloud
    Cisco ASA, VPN and Network device
    Hypervisor and virtual machine
    Active Directory
    SIEM, Endpoint Detection & Response (EDR), Application Whitelisting, Data leakage and Malware AnalysisUp-to-date understanding of the latest threats, vulnerabilities, mitigation and industry best practices

  • Experience in scripting and process automation

  • Windows, Networking and Database fundamentals

  • Knowledge on security products such as web filtering, anti DDoS, malware, anti-virus, DLP solutions

  • Strong communication skills in English and Chinese, as well as project management skills

Stay informed on CITIC CLSA Job Opportunities

Not the right fit? You can create a job alert to receive our latest job openings that meet your interest.