蚂蚁金服Ant International-Security Operations & Governance Analyst (1 year Contract)-Malaysia
任职要求
● Bachelor's degree in Computer Science, IT, Software Engineering, or equivalent is required ● Any security certifcations Security+, CySA+, CEH, GIAC GSEC, GIAC GCDA, GIAC GDAT, CISA, CISM, CISSP will be a plus ● Good understanding of network security, operating systems, SQL programming ● 1-5 years of relevant security monitoring/SOC experience ● Having experience in handling governance, risk, compliance work will be a plus
工作职责
L1 SOC monitoring (24x7 shift basis) ● L1 SOC monitoring of security alerts 24x7 utilising SIEM, EDR tools, and intrusion detection systems (IDS/IPS) ● Analyse logs, network traffic, end point data or other source logs to identify suspicious activity or indicators of compromise (IoCs). ● Triage and prioritize alerts based on severity, impact, and organizational risk, and perform required escalations and mitigations Incident response ● Perform containment and mitigation actions for incidents. Escalate confirmed or high-risk incidents to L2/L3 analysts or incident response teams. ● Collate required information to complete incident documentation and report if necessary. Governance ● To support the Security GRC team during regulatory inspection, external audit, customer queries, security certificate programs, and internal audit projects to ensure compliance with regulations and customer requirements. ● Perform due diligence to assess the information security posture of our third parties ● Support in any on-site assessments of our third party / outsourced parties Vulnerability & threat intelligence: ● Stay updated on emerging threats through threat intelligence
Join NVIDIA’s Security Team as Manager of our China Security Operations Center (SOC), safeguarding the discoveries that power AI, accelerated computing, autonomous machines, and gaming worldwide. Based in mainland China, you will lead analysts who detect, investigate, and contain threats. Your blend of technical depth and empathetic leadership will keep local operations fully aligned with PIPL and other relevant Chinese cybersecurity regulations while sharing intelligence with NVIDIA’s global defenses wherever lawful. Harnessing short Scrum cycles, you’ll drive rapid improvements—from tuning detections to automating playbooks—so every sprint delivers measurable risk reduction. If decisive action, analytical grit, and cross‑functional collaboration excite you, we invite you to craft the future of security at NVIDIA. Resilience emerges where clarity, speed, and trust converge! Ready to convert expertise into agile defenses that keep NVIDIA’s innovations safe?You lead with confident vitality, turning sophisticated threats into clear, time‑boxed objectives and empowering your team to act. Anchored in Agile values, you favor individuals and interactions, working solutions, and fast feedback—ensuring each sprint delivers customer value without sacrificing real‑time response. Data grounds your decisions, passion energizes partners, and steady support nurtures growth even as you set the standard. What you’ll be doing: • Guide, mentor, and develop SOC analysts in China, encouraging a high‑performance, inclusive culture. • Architect and continuously improve monitoring, detection, and response across on‑prem, hybrid, and multi‑cloud environments and protect GPU‑accelerated AI/ML pipelines. • Run the team in Scrum: facilitate planning, stand‑ups, reviews, and retrospectives; maintain a transparent backlog ordered by risk reduction and customer value. • Embed PIPL and other relevant Chinese cybersecurity regulations into day‑to‑day SOC processes, partnering with Legal and Compliance teams while supporting global collaboration where permissible. • Define, track, and act on metrics (MTTD, MTTR, sprint velocity) and operate staffing/on‑call schedules that balance 24 × 7 coverage with follow‑the‑sun hand‑offs. • Evaluate and integrate China‑compliant security tooling and automation, sharing threat intelligence and capabilities with the wider NVIDIA SOC as regulations allow.
- Lead the security operations function aligned with organizational goals and risks appetites, and collaborate with other security functional teams to enhance protection measures and overall security posture. - Develop and maintain the organization’s incident response playbooks and security operational runbooks. - Manage outsourced service providers, including intra-group outsourcing arrangements and other third-party vendors. Perform regular evaluations of vendor performance and oversee Service Level Agreements (SLAs). - Ensure high performance, accountability, and compliance from all outsourced providers while optimizing costs. - Lead the organization’s incident response efforts, working closely with internal teams and external partners during security events. - Conduct detailed investigations into security breaches and anomalous activities, and provide insights for remediation and improvement. - Communicate actionable insights and updates on the evolving threat landscape to relevant stakeholders. - Identify and implement new technologies, tools, and methodologies to enhance security operations efficiency and effectiveness. - Provide regular reporting to leadership and other functional heads on security operations metrics and trends.
- Manage daily security operations (patrols, CCTV, access control) to entire LEX network. - Lead and train security staff to maintain high service and safety standards. - Manage incident reports, investigations, and emergency response. - Coordinate with local authorities and external partners. - Ensure compliance with safety and security regulations.
1. Physical Security:• Develop and maintain physical security standards and procedures for all facilities.• Manage access control systems, surveillance technologies (CCTV), detection, and perimeter security.• Coordinate site risk assessments and implement corrective measures.• Oversee security contractors and ensure compliance with service-level agreements. 2. Security Operations Center (SOC):• Lead 24/7 monitoring of incidents, threats, and emergencies affecting personnel, facilities, and operations.• Manage incident reporting, escalation protocols, and real-time response coordination.• Ensure SOC integration with emergency services, crisis response, and business continuity teams.• Maintain incident tracking systems and dashboards with KPIs and performance reports. 3. EHS (Environment, Health & Safety):• Implement EHS programs aligned with local regulations and global standards.• Conduct safety audits, risk assessments, and compliance inspections.• Promote a safety culture through training, awareness campaigns, and best practice sharing.• Lead investigations of EHS-related incidents and ensure timely reporting and corrective actions. 4. Risk Management & Compliance:• Identify and assess security and safety risks across operations.• Ensure adherence to applicable laws, regulations, and industry best practices.• Develop and test emergency response plans, including fire drills, evacuation procedures, and crisis simulations. 5. Stakeholder Engagement & Reporting:• Prepare regular reports and presentations for senior leadership on security performance, incident trends, and risk posture.• Support cross-functional projects requiring security and safety input.