Cyber Security Analyst

Company: Infrasoft Technologies (Kiya.ai)

Department: Wealth Management IT Security (ITRCS)

Job Purpose

As an Operational Security Engineer, you will be responsible for strengthening the security posture of Wealth Management's global IT environment. This involves implementing and managing robust security controls across cloud, infrastructure, network, application, and vulnerability management domains.

Key Responsibilities

Cloud & Container Security

• Secure cloud infrastructure and container images using technologies like Docker and Kubernetes.
• Implement cloud image hardening, secure configuration, and access controls.
• Ensure compliance with organizational cloud security policies.

Network & System Security

• Design and implement secure network architectures.
• Apply firewall, WAF (Web Application Firewall), and anti-DDoS strategies to protect network traffic.
• Ensure endpoint and server system patching and hardening.

Vulnerability & Risk Management

• Conduct regular vulnerability assessments using tools such as Qualys, Rapid7, and Tanium.
• Prioritize and remediate vulnerabilities in coordination with Development and Infrastructure teams.
• Report risks and mitigation status to leadership.

Application Security

• Support Secure SDLC (Software Development Life Cycle) practices (SAST, DAST, SCA, threat modeling).
• Collaborate with developers to ensure secure coding practices.
• Ensure DevSecOps integration in CI/CD pipelines.

Compliance & Governance

• Ensure compliance with industry standards like ISO 27001, NIST, GDPR, PCI-DSS, and HIPAA.
• Align with regional regulators such as HKMA, MAS, and FINMA.
• Define and improve security policies and procedures.

Cybersecurity Operations

• Assist in incident investigations, SIEM (Security Information and Event Management) onboarding, and DLP (Data Loss Prevention) monitoring.
• Track, analyze, and mitigate cybersecurity threats across various environments.
• Contribute to regional and global reporting (dashboards, committee updates).

Technical Expertise

• Hands-on experience with Qualys, Tanium, Rapid7, Docker, and Kubernetes.
• Strong knowledge of firewall, endpoint security, and network protocols.
• Familiarity with DevSecOps, CI/CD pipelines, and secure application architecture.
• Understanding of IT security standards: ISO 27001, NIST, CIS.

Preferred Certifications:

• CISSP, CISM, CEH, CISA
• ISO 27001 LA, SANS, Azure/AWS Security certifications

Domain Experience

• Banking or Financial Services background (especially Wealth Management) is preferred.
• Understanding of APAC and global regulatory environments.

Why Join Us

• Be part of a globally recognized security team.
• Work on cutting-edge cloud and security technologies.
• Contribute to protecting one of the world's largest financial institutions.
• Embrace an inclusive culture with diversity at its core.

Apply Now with the subject - Cybersecurity analyst profile : [Confidential Information]