Head of SecOps and Advisory

PLATFORM ENGINEERING
Malaysia

Mid Senior level


Summary of responsibilities 


  • The Head of SecOps and Advisory will be responsible for leading and managing the company's Security Operations (SecOps) and threat intelligence advisory services. This role will oversee two critical teams: the Blue Team, focused on defensive security measures, and the Purple Team, which integrates both offensive and defensive strategies to improve overall security posture, including penetration testing (pentesting) and vulnerability assessments management. The successful candidate will be a strategic thinker, adept at managing security operations, and skilled in delivering actionable threat intelligence to protect the organization's assets.
  • Lead major improvement initiatives and engineering requirements in the overall cybersecurity operation.
  • Implement automation to enhance efficiency and effectiveness in security operations. Be aware of and uphold security responsibilities as stated in the company's information security policy.
  • Technical lead for day to day support on Cybersecurity incidents and trouble tickets.
  • Key member of the Senior Technical Committee for IT Security, representing SecOps within the Technology Division and PayNet.
  • Responsible for supporting efforts to develop solutions and automation workflows, improving overall response and security posture of PayNet.
  • Be a change agent in special project initiatives that aim to improve security posture, resiliency, operational efficiency and effectiveness of controls.
  • Ensure sound security controls are in place, commensurate with business operations and risks posed.


Key Areas of Responsibilities


1.   Strategy & Leadership:


  • Lead, mentor, and manage the SecOps teams, ensuring effective collaboration and communication.
  • Develop and execute the strategic vision for SecOps and threat intelligence, aligning with the organization's overall security strategy.
  • Foster a culture of continuous improvement and professional development within the teams.


2.    Security Operation:


  • Oversee day-to-day security operations, incident response, and threat detection and mitigation activities.
  • Ensure the implementation and maintenance of robust security measures, policies, and procedures.
  • Monitor and analyze security alerts and incidents to identify potential threats and vulnerabilities.
  • Ensure the company's infrastructure is secured against all threats and vulnerabilities through continuous monitoring and incident response
  • Oversee the integration, optimization, and maintenance of security tools within the DevOps pipeline via GitOps methodology
  • Automate security processes to enhance efficiency, scalability, and reliability
  • Accountable for production issues and serves as a Subject Matter Expert (SME) within the area of cybersecurity, extending advice and consultancy to cross functional teams
  • Improve the efficiency and effectiveness of the provisioning and fulfilment cycle by way of automation of repeatable tasks and fact gathering
  • Coach and mentor junior team members within IT Security through knowledge transfers and on-the-job training
  • Supporting member of the Cyber Resilience initiative driven by and large by BNM’s RMiT & organisational/ business needs
  • Conduct proactive threat hunting to identify and mitigate advanced threats that evade traditional security measures
  • May be part of special projects team (based on your core capability) related to information security which may be needed to appropriately respond to ad-hoc (or as dictated by current business and technological developments) or unexpected information security events.


3.   Purple Team


  • Supervise and coordinate penetration testing (pentesting) and vulnerability management to identify security weaknesses.
  • Ensure comprehensive reporting of pentesting and VA results, including actionable recommendations for remediation.
  • Integrate offensive and defensive strategies by working closely with the Blue Team to implement findings from pentesting and VA activities.
  • Simulate real-world attack scenarios and improve detection and response capabilities.
  • Perform secure code review to identify and mitigate vulnerabilities in application code.


4.   Threat Intelligence and Advisory


  • Provide actionable threat intelligence to internal stakeholders to enhance the organization's security posture.
  • Deliver regular threat intelligence briefings, security updates and reports to executive leadership.
  • Stay current with emerging security trends, technologies, and threat landscapes.


5.   Risk Management and Compliance


  • Identify and assess security risks, implementing appropriate mitigation strategies.
  • Ensure compliance with relevant security standards, regulations, and best practices.
  • Conduct regular security audits and assessments to identify areas for improvement.


6.   Automation and Efficiency


  • Implement automation in security operations to enhance efficiency and effectiveness.
  • Identify and leverage advanced tools and technologies to streamline security processes and reduce manual intervention.
  • Continuously evaluate and improve automated systems to adapt to evolving security needs.
  • Keep abreast of industry security practices for technology adopted by PayNet; practices such as DevOps and GitOps should be commonplace.


Qualifications


Minimum Qualifications

  • Degree in Computer Science, Information Security or a related field with a minimum of 10 years of relevant work experience
  • Experience in the IT banking and Telecommunications sector would be an added advantage.
  • Experience with SOC, digital forensics, malware reverse engineering (optional), penetration testing and vulnerability management.

 

Technical Qualifications

  • Strong understanding of security frameworks, standards, and best practices (e.g., NIST, ISO 27001, CIS).
  • Proficiency in security technologies and tools, such as SIEM, NDR, EDR, IDS/IPS, and threat
  • Relevant certifications in IT such as CCNA, CCNP, Fortinet NSE, and RHCSA
  • Relevant certifications in security such as CISSP, CISM, OSCP, or CompTIA SecurityX.
  • Experience enhancing security posture across networking, cloud and on-prem environments.
  • Experience in at least one programming or scripting language, particularly Python, Java or shell scripting
  • Network Security, such as Next-Generation Firewalls & virtualization
  • Familiarity and experience in WAF (especially around defending against OWASP Top 10)
  • Good grasp of HTTP/S transport and Web content
  • Experience with Public Key Infrastructure (PKI), TLS, and certificate management
  • Container-based applications, Kubernetes (and corresponding network policies within the cluster)
  • Automation such as Ansible, Terraform
  • Familiarity with GitLab and GitOps approach for CI/CD

 

Additional Requirements:

  • Effective communication skills
  • Extremely diligent, fine eye for details, supreme problem-solving capabilities, and a team player
  • Strong leadership skills with a track record of developing and leading high-performing teams.
  • Excellent verbal and written communication skills.
  • Ability to think strategically and execute methodically.

 


About the Company

Payments Network Malaysia Sdn Bhd

Embark on an exciting career journey with Payments Network Malaysia Sdn Bhd (PayNet), the heartbeat of Malaysia's financial markets!

As the national payments network and a pivotal infrastructure for Malaysia’s dynamic financial markets, PayNet is a linchpin in advancing the nation’s digital economy.

Our comprehensive suite of retail payment solutions - encompassing DuitNow (QR and P2P), JomPAY (Bill Payments), FPX (Online), MyDebit (Domestic Debit), MEPS (ATM), and IBG (Interbank GIRO) - not only offer wide accessibility but are seamlessly integrated into the fabric of daily life in Malaysia. These services have revolutionised the way Malaysians handle financial transactions, marking a significant leap in consumer convenience and efficiency.

At PayNet, our focus is on providing a safe, efficient, and innovative payments system. We are dedicated to improving and managing payment services that meet the evolving needs of consumers and businesses. Our work ensures the stability and reliability of Malaysia’s financial system, supporting the growth of the economy.

Learn more about our work and how we are contributing to Malaysia's financial future at www.paynet.my.

Join us in embracing digital payments and advancing Malaysia's financial landscape.