Secops Manager

This is a 12 months contract assigned to our client

Work Location: To be confirmed

Salary Range : $10,000-$12,000

**Job Description**:
1. Lead, manage, and develop the SecOps team to become a High-Performance team with low attrition.

2. Ensure SecOps team adopt, enforce, and comply with the Security Incident Response Framework (“SIRF”).

3. Update and maintain the SIRF document.

4. SecOps team collaborate and adhere to the instructions from the client’s Security Incident Response Manager (“SIRM”), Security Incident Response Officer (“SIRO”), Chief Information Security Officer (“CISO”) and security personnel when responding and resolving security incidents involving client software & infrastructure services or related services.

5. SecOps team shall regularly review and enforce the controls, policies, and processes to ensure every client software & infrastructure service perform its rotation of certificates, secrets, and keys. The SecOps team shall document its review and provide such documented reports for review with the client.

6. Ensure the SecOps team adopt, enforce, and comply with the client Security Incident Response Framework (“SIRF”). Update and maintain the client SIRF document.

7. SecOps team shall collaborate and adhere to the instructions from the client’s Security Incident.

8. Actively monitor and perform analysis of security alerts and logs of client software & infrastructure.

9. Review and provide statistical security reports for the construction and enhancement of new and/or existing policies and rules to secure client software & infrastructure services during operations.

10. Analyse, propose and configure new security detection rules and policies in response to emerging or ongoing threats, exploits and vulnerabilities.

Possesses the necessary certifications, hands-on experience, skills, and technical knowledge in the following areas:
1. Minimum of seven (7) years’ work experience in IT security field involving enterprise systems and network infrastructure.

2. Valid and current professional information security certifications (CISSP and CISM).

3. Good interpersonal, presentation, written and communication skills.

4. Minimum of seven (7) years’ work experience in IT security field involving enterprise systems and network infrastructure.

5. Valid and current professional information security certifications (CISSP and CISM).

6. Good interpersonal, presentation, written and communication skills.

7. Good leadership skills.

8. ICT security management and governance.

9. ICT security risk assessment and management.

10. ICT security incident response and management.

11. Vulnerability assessments, ICT security audit, penetration testing and other ICT security tests.

12. International standards and best practices for IT security such as those published by ISO/IEC, NIST, Center for Internet Security (CIS), etc.

13. Managed identity fraud detection services.

14. Privileged Access Management (“PAM”) software.

15. Endpoint Protection and Detection Platform (“EPP/EDR”) for endpoint devices.

16. Commonly used Network security prevention and segmentation tools such as Next Generation Firewall (“NGFW”), Intrusion Prevention System (“IPS”), Web Application Firewalls (“WAF”).

18. Network segmentation tools Virtual Private Cloud (“VPC”), Proxy, Gateways, Security Groups, NACL etc. 19. Security monitoring tools such as AWS Guard Duty, AWS Security Hub, SIEM, DAM solutions and tools.

20. Crypto modules, secrets, and key management services such as managed or self-host Hardware Security Module (“HSM”), data and storage encryption.