Linkedprime

Job Description

Cyber Security Specialist

Work Location: KL, Malaysia
Job Type: 12+ Years Contract

Firewall Management (Fortigate, Sangfor)

  • Administer, monitor, and optimize firewall policies and rules.
  • Perform regular policy reviews and cleanup of unused/obsolete rules.
  • Monitor logs for intrusion attempts, anomalies, and policy violations.
  • Manage VPN configurations (site-to-site and remote access).
  • Conduct firmware updates, backups, and health checks.
  • Coordinate with network teams on connectivity and segmentation improvements.
  • Liaise with the NOC (vendor) on the monthly firewall report, change requests, or technical changes as required.

Microsoft 365 Security & Compliance (Intune MDM, Exchange Online, Security)

  • Manage and enforce endpoint (workstation, mobile device) compliance policies via Intune MDM.
  • Implement and maintain Conditional Access, device encryption, and application protection policies.
  • Monitor and remediate Exchange Online threats (phishing, spoofing, spam) and configure policies or rules (if applicable).
  • Review and optimize Microsoft 365 security posture using Secure Score and compliance reports.

Nessus Scanning (On-Prem Tenable)

  • Administer and maintain the on-premises Tenable Nessus scanning platform.
  • Schedule and perform regular vulnerability scans across all designated network segments and critical assets.
  • Analyze scan results, prioritize vulnerabilities, and coordinate remediation efforts with relevant teams.
  • Update scan policies, plugins, and credentials to ensure comprehensive coverage and up-to-date detection capabilities.
  • Generate and distribute vulnerability assessment reports to stakeholders and management.
  • Ensure compliance with internal security standards and regulatory requirements through ongoing scanning and reporting.
  • Collaborate with Digital teams to address scan findings and improve overall security posture.

Endpoint Detection & Response (CrowdStrike Suite)

  • Monitor, triage, and respond to security alerts generated by the CrowdStrike Falcon platform.
  • Coordinate with the Falcon Complete Team for incident validation, containment, and remediation.
  • Review Identity Threat Protection and Exposure Management dashboards to identify vulnerabilities and misconfigurations.
  • Maintain and improve the ingestion of cybersecurity platform/appliance logs and alerts into the NextGen SIEM and Fusion SOAR platforms for automated correlation and response.
  • Perform periodic health checks to ensure endpoint coverage, sensor version consistency, and policy compliance.
  • Track and remediate endpoints that are offline, unprotected, or misconfigured.
  • Conduct threat hunting activities using Falcon Insight to detect potential compromises.
  • Generate, review, and consolidate weekly and monthly reports covering:
      • Threat types (malware, behavioral detections, identity-based attacks)
      • Detection trends, endpoint status, and incident summary
      • Endpoint coverage metrics and remediation timeline
      • False positive analysis and tuning recommendations
  • Present consolidated reports to the Section Head, IT Infrastructure & Security, summarizing threat posture, incident trends, and improvement actions.

Network Access Control (EasyNAC)

  • Manage onboarding and enforcement policies for endpoints connecting to the corporate network.
  • Monitor unauthorized devices and enforce access control rules.
  • Coordinate with IT operations for exception handling and remediation.
  • Generate compliance reports and maintain NAC inventory integrity.

Secure Email Gateway (Mimecast)

  • Administer and optimize email security policies, including spam filtering, malware detection, and impersonation protection.
  • Maintain and update allow/block lists, URL protection, and attachment management rules.
  • Review and release quarantined messages in accordance with established security policies.
  • Analyze email security alerts and trends to identify emerging threats or policy gaps.
  • Work closely with the Digital Governance & Compliance team to plan and execute cybersecurity awareness and phishing simulation campaigns.
  • Enhance user protection by reviewing and improving the CyberGraph AI feature, ensuring better detection of targeted phishing attempts.
  • Raise and track support tickets with Mimecast Support and coordinate with the local partner/vendor for troubleshooting, configuration changes, or feature enhancements.
  • Generate and consolidate monthly reports summarizing:
      • Phishing and spam trends
      • User click-rate statistics from awareness campaigns
      • Policy performance and false positive rates
      • Improvement actions or configuration changes implemented
  • Conduct periodic policy reviews to align with evolving email threat landscapes and compliance requirements.

Network Detection & Response (NDR)

  • Monitor network traffic for behavioral anomalies and lateral movement attempts.
  • Investigate alerts and collaborate with the NDR MDR Team and local Digital Team for incident response.
  • Maintain and improve the CrowdStrike integration for unified threat correlation.
  • Perform tuning of detection rules and exclusions to reduce false positives.
  • Conduct regular threat hunting based on AI-driven insights.

Privileged Access Management (PAM)

  • Administer and maintain the PAM platform, ensuring secure management of privileged accounts across systems, servers, and network devices.
  • Enforce least-privilege access policies and maintain proper account lifecycle management for all privileged identities.
  • Configure and monitor session recording, credential vaulting, and automatic password rotation features.
  • Review access logs, privileged session activities, and alerts for suspicious or unauthorized behavior.
  • Conduct periodic access reviews with system owners to validate privilege appropriateness and compliance.
  • Oversee integration of PAM with key systems such as Active Directory, critical servers, firewalls, and network devices.
  • Ensure system health, backups, and high availability configurations are functioning correctly.
  • Coordinate with internal IT and cybersecurity teams for onboarding new systems or applications into PAM.
  • Manage and communicate with the assigned local partner (Managed Service Provider) responsible for day-to-day PAM operations, including:
      • Overseeing service delivery and ensuring adherence to SLAs
      • Reviewing MSP performance reports, incident logs, and maintenance activities
      • Approving configuration changes and enhancements proposed by the MSP
      • Escalating and tracking technical issues or service gaps until resolution
      • Conducting periodic service review meetings to ensure continuous improvement and compliance with security standards
  • Generate and consolidate monthly management reports summarizing:
      • Privileged account activities and usage trends
      • Access anomalies or violations detected
      • Password rotation compliance and policy status
      • MSP performance metrics and support issues
  • Recommend improvements to PAM configuration, policies, and operational processes to strengthen the overall identity and access security posture.

Vulnerability Assessment and Penetration Testing (VAPT)

  • Coordinate with external vendors for annual VAPT exercises.
  • Facilitate scope definition, testing schedule, and access provisioning.
  • Review VAPT reports and track remediation with system owners.
  • Validate closure of identified vulnerabilities and maintain an audit trail.
  • Provide the Section Head, IT Infrastructure & Security, with reports summarizing findings and remediation progress.

Project Management for Cybersecurity Initiatives

  • Plan, coordinate, and manage cybersecurity projects from initiation to completion.
  • Define project scope, objectives, deliverables, and timelines aligned with organizational goals.
  • Work with internal stakeholders and external vendors to ensure smooth implementation.
  • Monitor progress, manage risks, and resolve issues to keep projects on track.
  • Oversee procurement, budget, and resource allocation for security initiatives.
  • Ensure all project activities follow change management and compliance requirements.
  • Prepare regular status updates and post-implementation reports for management.

Private Cloud Security & Compliance Oversight

  • Act as the primary cybersecurity liaison between the client and the private cloud service provider.
  • Review and validate the provider's security posture, including patching cadence, access management, and vulnerability remediation.
  • Ensure network segmentation, firewall, and VPN configurations between the client and the provider align with internal policies.
  • Coordinate and validate backup integrity, data encryption, and incident response readiness with the provider.
  • Participate in monthly or quarterly service review meetings to discuss performance, incidents, and improvement actions.
  • Review and track security SLA metrics (e.g., uptime, incident response time, patching timelines).
  • Ensure the provider complies with contractual security obligations, including data protection, PDPA compliance, and ISO 27001 or SOC 2 standards (if applicable).
  • Validate that log forwarding and security event integration (from the cloud workloads) are properly feeding into the CrowdStrike SIEM or relevant monitoring tools.
  • Coordinate with the provider to support vulnerability scanning, VAPT, or audit evidence collection when required.
  • Document and escalate any security gaps, exceptions, or non-compliance findings to the Section Head, IT Infrastructure & Security, and track remediation progress.
  • Review and approve the provider's change management or maintenance activities impacting security controls or system availability.

Others

  • Recommend enhancements to security controls and architecture.
  • Keep abreast of emerging threats and technology updates.
  • Participate in security projects and proof-of-concepts (POC) for new tools or integrations.
