
A career at Amway is a career in opportunity. At Amway, you can explore and grow, make a difference, and find success. Established in 1959, Amway is a multi-billion dollar company, and the world’s No. 1 direct selling business, according to the Direct Selling News Global 100. Amway is a center of health, skincare and home product innovation and top-selling, global brands. We manufacture and distribute 450+ consumer products. More than 17,000 employees worldwide support millions of Amway Business Owners who sell Amway products.

IT SECURITY SPECIALIST  – (Vulnerability Assessment)

 

Roles & Responsibilities:

  • Providing vulnerability assessment to the Amway businesses globally through a comprehensive testing process, as well as identifying weaknesses and vulnerabilities within the system and proposing countermeasures or remediations.
  • Typical assignments will involve running vulnerability assessment tools, covering operating system vulnerabilities, web application vulnerabilities, API gateway vulnerabilities, and cloud vulnerabilities.
  • Coordinate penetration testing activities to identify and evaluate potential vulnerabilities in various information systems and hardware.
  • Coordinate static code testing and analysis to identify security flaws in coding.

 

Essential Function

  • Conducts vulnerability scans and tests on a predetermined and ad-hoc basis.
  • Identifies critical vulnerabilities within the network, information systems and applications that could be exploited.
  • Uses automated tools (e.g., Rapid7 Nexpose/InsightVM, Micro Focus WebInspect) to perform vulnerability scans.
  • Collaborates with application owners to validate report findings and reduce false positives.
  • Acts as subject matter expert on vulnerability management for asset owners.
  • Tracks and validates remedial actions.
  • Compiles and tracks vulnerabilities over time to provide historical trend reporting and key risk indicators.
  • Performs vulnerability management system administration functions as required.
  • Facilitates penetration testing with third party service providers on web-based applications, networks and computer systems.
  • Provides guidance, recommended controls, and countermeasures regarding risk management (or identified vulnerabilities).
  • Evaluates findings and associated risks from penetration tests, and communicates findings and recommended remediation to stakeholders.
  • Coordinates red team testing including results reporting, tracking findings, and remediation follow-up and escalation.
  • Manages security code reviews through SaaS.
  • Tracks findings from static code analysis and ensures coding issues are addressed in a timely manner.
  • Use of independent judgment and discretion within assigned limits.

 

Requirements:

  • Bachelor’s or related degree in Computer Science or related field, or equivalent in work experience
  • Minimum 5 years of experience with vulnerability management including scoring and categorizing vulnerabilities as they relate to various business applications.
  • Experience in handling vulnerability management tools (e.g., Nexpose).
  • Experience and understanding in handling Dynamic Application Scanning Tools (e.g., WebInspect, AppSpider).
  • Familiarity with open source tools such as Burp Suite, Wireshark, Nmap, SQLMap, etc.
  • Ability to report information security vulnerabilities to businesses.
  • Knowledge of programming concepts for secure coding, experience with static code analysis and common tool sets, working knowledge in the application security domain (OWASP, etc.) and understanding of web services architecture and protecting public APIs.
  • Current knowledge of the latest vulnerabilities and programming exploits on all platforms, including Windows, Linux, Unix, Cisco, Oracle, SQL, AWS, Azure, etc.
  • Strong understanding of security vulnerabilities, NVD, CVSS, CVE, CWE, OWASP, CAPEC and the MITRE ATT&CK framework.
  • Understanding of the basics of penetration testing.
  • Web application infrastructure understanding, e.g. Application Servers, Web Servers, Databases
  • Proven professional experience testing web applications for common web application security vulnerabilities as defined by OWASP, including input validation vulnerabilities, broken access controls, session management vulnerabilities, cross-site scripting issues, SQL injection and web server configuration issues
  • Web development and programming language skills and understanding, i.e. Python, Perl, Ruby, Java, and/or .Net
  • Experience managing enterprise-level assessment scanning of servers, networks, databases, and web applications.
  • Ability to manage multiple projects simultaneously that involve key stakeholders across a globally-distributed
  • Exceptional technical writing skills and attention to detail. Strong reporting and Excel reporting skills are a plus.
  • Exceptional communication and advocacy skills, both verbal and written, with the ability to express complex and technical issues using clear and concise language
  • Able to work independently with minimum supervision, including in unstructured situations
  • Provides assistance to the team on generic security related items whenever needed
  • CISSP, CEH, OSCP, CREST will be an added advantage.
  • Occasional travel to other regional and international locations may be needed.

 

Other

  • This position is based in Bangsar South, KL.

 

