• Performs static/dynamic code testing, manual code inspection, threat modelling, design reviews and penetration testing of internal web applications and external partner applications to identify vulnerabilities and security defects
• Manage, configure, patch, upgrade and troubleshoot Firewalls, NGIPS, IPS/IDS Systems, Web Application Firewalls, Network Traffic Analysis Solutions, Unified Thread Management (UTM), Email Security Gateways, Internet access Proxies and Endpoint & Antivirus Security Systems.
• Supports the implementation and enforcement of secure design principles according to policies, standards, and patterns of Information Security.
• Serves as a Subject Matter Expert (SME) in web application security for enterprise projects during development phases to provide Information Security consulting and recommendations, ensuring the implementation of approved security requirements
• Work with different application teams to ensure secure code development
• Conduct vulnerability assessments, penetration testing, verification of baseline compliance to maintain the confidentiality, integrity & availability of the assets
• Conduct security assessments and code review for applications to ensure applications are free of weaknesses and flaws
• Analyse, triage and raise threat advisories on the emerging threats related to PDO, Oil & Gas and suppliers and partners
• Act spontaneously and provide necessary evidences to the Incident response team as needed.
• IT Security Operation Support Activities covering IT & OT/PCD Environments
• Participate in information security risk assessments and serves as an internal resource to investigate security incidents
• Responsible for information security reviews in IT & OT/PCD (E.g. Annual vulnerability assessment, evergreen program, configuration review, user/admin access review & USB)
• Stay abreast with the latest emerging security threats and designs security architecture to mitigate threats where possible
• Develop and maintain the knowledge base, guidelines and standard operating procedures for security administration, particularly with regards to architecture and platforms change due to adoption of new technology