IT Security Engineer - #1115393

About The Company

We have partnered with one of the leading retail groups in Singapore with a strong presence across multiple store formats islandwide. With a portfolio of well-established brands, the business continues to grow and adapt, serving diverse customer segments though its network of over 50 outlets.

Job Summary

The successful candidate will be responsible for implementing, maintaining, and enhancing our organisation’s information security posture. This role requires strong technical expertise and the ability to collaborate closely with cross-functional teams, including End User Support, Network, IT Infrastructure and Application, to ensure security is embedded across all systems and processes.

This role is based in Tampines.  

Key Responsibilities

• Analyse security threats, develop and optimise security policies.

• Proactively detect, investigate, and respond to cyber threats within the M365 ecosystem, which includes email, Teams, SharePoint and OneDrive.

• Collaborate with IT Infrastructure and Network teams to ensure secure configuration of servers, networks and cloud environments.

• Partner with End User Support team to improve endpoint security, user awareness and access controls.

• Monitor, investigate and respond to security incidents, escalating where necessary.

• Perform regular vulnerability assessments, recommending and following up on remediation actions.

• Develop and maintain security documentation, including standards, procedures and technical guidelines.

• Assist in compliance with security frameworks, regulations and industry best practices (e.g., ISO 27001, NIST).

• Continuously evaluate emerging threats and recommend new tools, technologies and processes to mitigate risks.

• Maintain data sources feeding the log monitoring system, develop and maintain detection and alerting rules.

Qualifications

• 3–5 years of hands-on experience in IT security operations.

• Certifications such as CompTIA Security+, ISC2 Certified in Cybersecurity, or GIAC

• Additional certifications like CISM or CSSP are considered a plus

• Good analytical and problem-solving skills to investigate and resolve security vulnerabilities effectively.

• Excellent written and verbal communication skills, with the ability to convey technical information to non-technical stakeholders.

• Knowledge of cybersecurity threats, vulnerabilities, and exploit methods.

• Familiarity with cloud computing platforms and related security considerations (GCP, Azure, AWS).

• Experience in security configurations, patch management, certification management, firmware updates, firewall rule management, and endpoint security agent administration.

• Ability to work collaboratively in a fast-paced environment while maintaining the confidentiality, integrity, and availability of information assets.

• Hands-on experience with security tools such as SIEM, EDR, XDR, UEBA, and SOAR.

• Knowledge of the MITRE ATT&CK framework will be added advantage.

• Familiarity with ISO27001 standards will be added advantage.

• Understanding of Zero Trust architecture will be added advantage.