Consultant, IT Security - #1162556

Job Description
Deliver the scope of work defined below:

CARBON BLACK
The management of the Endpoint Detection and Response (EDR) system shall minimally include and not limited to the following:
- Administration of Carbon Black EDR servers configuration
- Checking and recommend for new threat intelligence feeds
- Administration of Carbon Black configuration sensor group
- Administration of user account
- Management of EDR agents in servers
- Generation of reports
The current EDR system is Carbon Black EDR. The above mentioned scope of work shall apply in the event of a change in the product.

TREND MICRO / TRELLIX
The management of the Server Anti-Virus System in GDC shall minimally include and not limited to the following:
- To administrate Trend Micro Deep Security Manager
- To administrate the active update from TrendMicro update server
- To administrate of updates to the agents
- To administrate virtual patching
- To add/remove agents under monitoring
- To manage the Virtual Patching feature in the servers
- To manage the configuration of policies and the deployment of these policies
- To generate weekly report to agency
The current the Server Anti-Virus System in HPB is Trend Micro Deep Security. The abovementioned scope of work shall apply in the event of a change in the product.

IMPERVA
The management of the Imperva in shall minimally include and not limited to the following:
- To administrate Imperva SecureSphere, Imperva Data Risk Analytics
- To administrate of update gateways, management servers
- To administrate of updates to the agents
- To administrate patching
- To add/remove agents under monitoring
- To manage the configuration of policies and the deployment of these policies
- To generate daily/weekly/monthly report to agency

ARCSIGHT
The management of the ArcSight in shall minimally include and not limited to the following:
- To administrate Imperva ArcSight LMS
- To administrate of updates to the agents
- To administrate patching
- To add/remove agents under monitoring
- To manage the configuration of policies and the deployment of these policies
- To generate daily/weekly/monthly report to agency

IT Configuration Management
- Periodically review IT asset inventory (hardware, software, network equipment, network attached equipment and end-points) records maintained and updated by Client appointed Asset Officer.
- Maintain oversight and review the Obsolescence at System Family Level.
- Prepare and submit report to Client
- Incident Management
- Lead investigation and resolution of Security incident
- Conduct root cause analysis and recommend improvement solution for recurrent incident to Client.

IT Security Management
- Schedule security scan for identified systems according to policies and verify all vulnerability rectifications are satisfactorily performed.
- Conduct Security Review on System Access and administration patterns weekly, and report unusual or suspicious activities, if any, to client.
- Track, mitigate and deploy patch security vulnerabilities accordingly to the stipulated timeline. Maintain oversight and submit reports on monthly basis.
- Escalate and/or seek Client’s acceptance and approval of assessed risks.
- Manage and administer any security monitoring tools including splunk, arcsight, EDR are addon advantage.

IT Security Compliance & QA Management
- Ensure compliance status of the Systems adheres to applicable standards, polices, directives and guidelines.
- Review weekly/monthly account review based on the requirements.
- Review weekly/monthly log review based on the requirements.
- Declare, review and report compliance status to head office annually.
- During audit exercise, work with stakeholders to provide responses and evidence to auditors or compliance related declarations.

Requirement:

- MUST HAVE : Both IT Security & CISM/CISSP or equivalent certs

We regret to inform that only shortlisted candidates will be notified.

Interested candidates, please click on the following link to begin your job search journey and submit your curriculum vitae (CV) directly through the official PERSOL job application platform - GO.

By sending us your personal data and curriculum vitae (CV), you are deemed to consent to PERSOL Singapore Pte Ltd and its affiliates to collect, use and disclose your personal data for the purposes set out in the Privacy Policy available at https://www.persolsingapore.com/policies. You acknowledge that you have read, understood, and agree with the Privacy Policy.

PERSOL Singapore Pte Ltd • RCB No. 200007268E • EA License No. 01C4394• Reg. R23117130, HO XIN YI