Information Security Project Consultant – Cloud Specialist
บริษัท โตโยต้า ทูโช ซิสเท็มส์ (ประเทศไทย) จำกัด- Design and develop security architectures for cloud and cloud/hybrid-based systems. Work with key areas of business and IT to develop baseline cloud, container and application security standards and features and integrate into CI/CD pipeline.
- Implement and design API Security, Container Security, AWS and Azure Cloud Security. Utilize a firm understanding of the offerings within Amazon Web Services (AWS) platform to design and implement cloud-native architectures and designs that will allow business requirements to be met with a minimal degree of risk to the company and customers; with appropriate security controls present.
- Efficiently analyze system architectures to develop appropriate security requirements which enforce customer's policies and standards.
- Identify and communicate current and emerging security threats across security domains to project teams.
- Create solutions that balance business requirements with information and cyber security requirements
- Manage multiple simultaneous fast-paced projects covering diverse business initiatives. Work on multiple projects and tasks concurrently.
- Collaborate with business units, application teams, architectural teams and third-party vendors to provide guidance on security controls for managing risk for customer.
- Perform risk assessments of information systems and infrastructure; develop appropriate risk treatment and mitigation options, and effectively articulate findings and recommendations to IT project teams and management.
- Design security architecture elements to mitigate threats as they emerge. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
- Maintain highly developed knowledge of security best practices and technologies.
- Communicate technical topics to diverse audiences including technology teams, leaders and business users without a technical background Security Architecture Governance
- Understand the role of the security department and how it contributes to the overall goals and business strategy of the Company.
- Align standards, frameworks and security with overall business and technology strategy.
- Create baseline architecture standards for security controls for cloud and data center hosted solutions.
Additional Job Functions
- Develop and present Information Security reports and presentations on your area to management.
- Maintain highly developed knowledge of security best practices and technologies.
- Effectively identify, communicate, and escalate issues in a timely fashion.
- Minimum 5 years previous experience as a Security Analyst or Security Architect with deep knowledge of AWS native security tools.
- Experience with assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and processes: secure software development (Application Security), data protection, cryptography, key management, identity and access management (IAM), network security within SaaS, IaaS, PaaS, and other cloud environments
- Experience with service-oriented architecture for cloud-based services, working with cloud security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies.
- Familiarity with REST API design Hands on programming and scripting experience (Python, Java etc.) DevOps container/orchestration tools (Kubernetes, Docker, etc.) Working knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, etc.)
- Experience with deployment orchestration, automation, and security configuration management
- Experience as an information Security consultant/Architect in Banking and Financial services.
- A solid technical background with experience in system delivery including SDLC and security tools and technologies. Agile framework.
- Familiarity with standard network security technology solutions: e.g. firewall, router, VPN, IDS.
- Additional familiarity with the use of standard security technology solutions and processes such as: access control, user provisioning, directory, SIEM, vulnerability management, Cloud Access Security Brokers, Data Loss prevention solutions, anti-virus, single sign on, auditing, PKI and Cryptography.
- Understanding of network protocols, network topologies, virtual infrastructure, network segmentation, operating systems, databases, applications, and mobile security
- Understanding of FFIEC, GLBA and SOX and their applicability to technologies and applications and privacy laws (GDPR & CCPA)
- Knowledge and experience in vulnerability and risk related security and regulatory frameworks including ISO 27001, NIST and OWASP Top 20
- Excellent organizational, written and verbal communication skills.
- Need to be a Senior level and able to manage projects on their own with strong knowledge of Security and Technology Architecture
- High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity
- Excellent interpersonal skills
- Good command of spoken and written English
- ค่าน้ำมันรถ, ค่าเดินทาง
- ประกันชีวิต
- ประกันสุขภาพ
- สิทธิการเบิกค่าทันตกรรม
- โบนัสตามผลงาน/ผลประกอบการ
Our focuses are on global network construction, application development, digital engineering, and support system to promote seamless technology throughout the group. With continuously growing performance, we are expanding our business in response with rapid growth of the industry. We offer generous remuneration and benefit package for self- motivated, service- oriented, with high working ethic professionals who strive for career success and willing to be part of this dynamic team.