Senior IT Security Engineer

Job Description

Title: Senior IT Security Engineer

Company Name: ASA

Vacancy: 01

Age: Na

Job Location: Dhaka

Salary: Negotiable

Experience:

• At least 7 years

• Bachelor of Science (BSc) in Electrical & Electronic Engineering

• B.Sc./M.Sc. in CSE/IT/MIS/Software Engineering/ECE/EEE or equivalent and relevant engineering degree.

• Certification on OSCP/CEH (Practical)/CHFI/CSA(Preferred)

• At least 7 years

• Age at most 40 years (as per NID card).

• At least 7 years working experience in relevant field after graduation.

• Minimum 5+ years working experience in IT security team (SOC, Application security, IT security governance).

• Information security experience in two or more areas such as but not limited to:

• a. Application security, b. Identity and access management, c. System security, d. data security, e. Incident response, f. Red/Blue team, g. SOC.

• Extensive, hands-on experience in working with applications such as XDR, PAM, VA & PT.

• Hands-on experience with incident response and investigation activities.

• Extensive, hands-on experience of the security design, implementation, system and network administration in the fields of information security.

• Ability to identify security risk and weaknesses and provide security mitigation and remediation recommendations.

• Experience with one or more IT security frameworks, such as CIS, NIST, ISO 27001: 2022/2013 ISMS, is preferred.

• Deep knowledge Extensive, hands-on experience in working with applications such as DLP, Firewall, IDS/IPS, WAF, Load Balancer etc. is preferred.

• Understanding of the Software Development Life Cycle (SDLC) and software development security principles, including web and mobile application security and secure design patterns, is preferred.

• Excellent technical aptitude, resourcefulness, and critical thinking skills.

• Experience in scripting (Python, Shell, PowerShell) on common operating systems (Windows and *nix) and network environments.

• Documentation and Meticulous reporting skills.

ASA is one of the biggest MFIs in the world with around 27 thousand employees serving around 70 lakh clients across the country. Here all the applications are developed by our own in-house IT team. ASA is in the process of digital transformation of its 3075 branches` operations involving per day more than 90 (ninety) lakh transactions in the system of more than 26000 users. ASA welcomes you to take the initial challenges in this process.

• Carry out routine IT security operations, including monitoring, alert handling, and enforcement of security controls.

• Create and maintain documentation of IT security technology procedures, processes, configurations and diagrams.

• Responsible for cybersecurity technologies and conducting vulnerability assessments (VA) and penetration tests (PT) on systems and applications.

• Actively engage in incident response and investigation activities.

• Perform cyber defense trend analysis and reporting using XDR, PAM.

• Review and analyzing Next-Gen Firewall (policies & logs), System, DB, Web application security logs.

• Implement open-source and commercial security solutions (e.g. SIEM, secure code analysis of web applications).

• Ensure breaches and fraudulent activities are not escalated.

• Define defense-perspective threat modelling.

• Monitor and analyze data flow to identify and block malicious behaviors and activities.

• Identify risk areas that will require vulnerability prevention.

• Develop mitigation and remediation plans as a result of vulnerability assessment findings.

• Provide updates and continuously identify threats to the Development Security organization to improve processes through automation and tools creation.

• Stay abreast with emerging security technologies.

• Oversee system and network security, troubleshoot and fix failures, prepare system restoration/disaster recovery plans.

• Harden software and hardware configurations.

• Perform security monitoring and analysis of security events.

• Monitor and analyze logs and alert from a variety of different technologies across multiple platforms to identify security incidents.

• Ensure that processes related to the IT Security are imposed in accordance with industry best practices.

• Facilitate discussions with stakeholders and suppliers as to how best practices might be adopted in the management of IT operations.

• Ensure that the processes are documented, and that these processes are managed in order to effectively deliver the required Security measure for the protection of Computer Systems, Networks and the Information.

• Undertaking any other lawful responsibilities as assigned by the office/supervisor.

• Salary: Negotiable.

• Probation period will be 1 (one) year long. After successful completion of the probationary period, the employee will be accommodated in the regular Pay Scale of ASA.

• All admissible benefits like Contributory Provident Fund, Gratuity, Yearly Increment, Festival Allowance, Naboborsho Allowance (Boishakhy) and Employee`s Group Benefit Fund will be attributed.