IT Security Analyst

Job Summary

We are seeking a highly capable and proactive IT Security Analyst to support our APAC security operations. This role plays a key part in identifying, assessing, and driving remediation of security vulnerabilities and ensuring policy compliance in a complex enterprise environment. You’ll work closely with regional teams, including an outsourced Remediation COE, to fulfill our core security KPIs.

Duties & Responsibilities

Core Responsibilities

  • Perform recurring and ad-hoc vulnerability scans across systems and cloud environments.
  • Work with the central team to respond to security incidents, including targeted threats and internal escalations.
  • Document vulnerability management procedures, including policies and technical workflows.
  • Improve and automate vulnerability detection, reporting, and remediation tracking processes.
  • Analyze system architecture and control design for risk, security, availability, and performance impacts.
  • Conduct security risk assessments for projects and applications, and recommend pragmatic solutions.
  • Collaborate with the Security team to design and roll out security awareness initiatives in the APAC region.
  • Research and assess emerging threats and vulnerabilities to ensure controls remain effective.
  • Support security audits, external assessments, and compliance inquiries.

Additional Responsibilities

  • Act as an approver (on behalf of Zone ISO) for security-related requests via ServiceNow:
    • Firewall rule changes
    • AWS connections
    • Application whitelisting
  • Standby duty (weekly roster) for urgent approval requests during off-hours/weekends.
  • Liaise directly with the outsourced Remediation team to guide remediation efforts and ensure findings from vulnerability assessments and policy compliance scans are resolved—a key KPI for the team.

Skills & Qualifications

Required

  • Bachelor’s degree in Computer Science, Information Security, or a related field.
  • 3–5 years of experience in information security, risk, or compliance in a technology environment.
  • 5+ years in vulnerability management, policy compliance, or risk-based remediation projects.
  • Strong hands-on experience in:
    • Vulnerability scanning tools (e.g., Qualys VMDR, PCI, Policy Compliance)
    • Incident response and threat handling
    • Network security controls, NAC, SIEM platforms
    • ServiceNow for approval workflows and ticketing
  • Familiarity with cloud-first environments and security controls for AWS or GCP.
  • Experience with application security, access control models, and architecture reviews.

Preferred

  • Security certifications: CISSP, CISA, CRISC, or similar.
  • Knowledge of control frameworks such as ISO 27001, SOC2, NIST.
  • Strong understanding of OWASP methodologies and cloud security practices.
  • Familiarity with Power BI, Prisma Cloud, and visualization/reporting tools.
  • Excellent communication skills in English; able to clearly explain technical risks to non-technical audiences.

Job Type: Contract (12 Months Renewable)
Job Location: Selangor
