Job Information
Carsome Senior Manager, Cloud Security Engineering in Mutiara Damansara, Malaysia
About You
The Senior Manager, Cloud Security Engineering is pivotal in protecting Carsome's cloud infrastructure and applications. This role demands a profound technical acumen and hands-on leadership, combining deep expertise in cloud security technologies, methodologies, and industry best practices. The ideal candidate will balance strategic planning with operational execution, leading a dedicated team to design and uphold an extensive cloud security framework.
Your Day-to-Day
Strategic Leadership (40% - 50% of time)
Architect and uphold a multi-cloud security strategy across AWS, GCP, and Azure, tailored to align with Carsome's business goals and risk profile.
Craft and implement rigorous cloud security policies, standards, and guidelines, drawing from established industry frameworks such as CIS and NIST.
Oversee the selection, deployment, and refinement of key cloud security tools and services, including OWASP standards, QRadar SIEM, and CrowdStrike.
Manage and enhance relationships with key external security vendors and service providers.
Operational Excellence (60-50% of time):
Direct comprehensive vulnerability assessment and penetration testing activities, encompassing black-box, white-box, and grey-box approaches.
Lead threat modelling and risk assessments to pinpoint and mitigate potential security vulnerabilities.
Monitor cloud environments continuously for security incidents and ensure rapid response to security alerts.
Promote and integrate secure software development practices (DevSecOps) throughout the organisation.
Compliance & Governance:
Guarantee adherence to pertinent security regulations and standards, including SOX and ITGC.
Collaborate with internal audit and risk management teams to fortify Carsome's security stature.
Assist in the creation and ongoing maintenance of security documentation.
Team Leadership:
Mentor, manage, and cultivate a high-performing team of cloud security engineers.
Encourage a security-first culture and champion ongoing professional development within the team.
Your Know-How
Over 7 years of experience in cloud security engineering, with a minimum of 2 years in a leadership role.
Proficient in security architectures and services across AWS, GCP, and Azure.
Comprehensive knowledge of security tools and technologies such as SIEM, WAF, EDR, and CASB.
Well-versed in security frameworks and standards like CIS, NIST, and ISO 27001.
Skilled in secure software development practices (DevSecOps).
Experienced in conducting vulnerability assessments and penetration testing.
Familiar with compliance and regulatory frameworks such as SOX and ITGC.
Exceptional communication, interpersonal, and leadership abilities.
Qualifications & Skills
Bachelor's degree in Computer Science, Cybersecurity, or related field.
Certifications such as CISSP, CCSP, or CCSK.
Prior experience in a rapidly growing technology firm.
Proven track record in negotiating and managing contracts with security vendors.
Other Information
Reporting Manager: Head of ITSO
Working Hours: 9am – 6pm, Mon – Fri
Working Location: HQ, KYM tower