• Enhance, support and monitor suspicious events of IT security infrastructure including but not limited to end-point protection solution, end-point / network detection and response system (EDR/NDR), web application firewall (WAF), privileged account management system (PAM), centralised log management system, security information and event management system (SIEM), mobile device management system (MDM), web filtering system, patch management system, etc.

• Manage the security aspects of network infrastructure including network appliances and firewalls

• Manage security matters including configuration and hardening of servers and network appliances, recommend on application / program hardening

• Serve as security administrator in IT security organisations including the Information Security Steering Committee and IT Security Management Unit to provide updates on all IT security related matters;

• Review system development project deliverables, documentation and operating procedures, identify IT security shortfalls and recommend improvements;

• Review and update the departmental IT security policies and guidelines according to the latest changes in Government-wide baseline or ad hoc circulars, and provide recommendations to plug the compliance gaps

• Coordinate application and infrastructure teams to produce and maintain IT security related system documentation including capacity management plan, up-to-date hardware and software list, configuration and network diagrams, etc

• Monitor software end-of-support, produce migration plan, and ensure on-time completion of associated measures

• Degree in computer subjects or related disciplines

• At least 6 years’ experience in IT security

• At least one of the industry-recognised IT security certifications (e.g. CISA, CISSP, CISP, etc.)

• Hands-on experience in technical support for IT security infrastructure and network equipment (e.g. Cisco, H3C, Huawei, etc.);

• Hands-on experience in IT security design, implementation and operations in application system development projects, preferably using the Government Cloud Infrastructure Services (GCIS);

• Experience in the technology and security risks of cloud-native applications running in a virtualised and/or containerized environment

• Experience in compliance of government IT security policies and guidelines (e.g. S17, G3, SRAA, PIA), preferably for Tier 2 or Tier 3 systems

• Good command of written and spoken English and Chinese

• Good communication skills and customer service skills

If interested in the above post, please send full resume with academic background, work history, current and expected salary via [email protected]

For more job opportunity, please visit our website: www.clts.com

The personal information collected is strictly for recruitment purpose only.