Kerja Sepenuh Masa, Cyber Hygiene Analyst (Specialist) di Commerz Global Service Solutions Selangor - Maukerja

Job purpose:

• As a Cyber Hygiene Expert, you are responsible for the continuous improvement of the technical security foundation of our bank. You ensure that systems, applications, and infrastructures are operated and hardened in accordance with current security standards.

Key Activities:

Operational Vulnerability Management:

• Operation and further development of the vulnerability management process
• Execution, assessment, and follow-up of vulnerability scans
• Risk-based prioritization and management of remediation measures
• Reporting vulnerabilities, trends, and KPIs to relevant stakeholders
• Support during audits and regulatory examinations

System and Application Hardening:

• Advising infrastructure, platform, and application owners on secure configuration of systems
• Implementation and establishment of hardening guidelines based on recognized standards (e.g., CIS Benchmarks)
• Reviewing systems for configuration deviations
• Supporting projects by integrating security best practices at an early stage

Secrets Management & Secure Authentication:

• Identification and reduction of hard-coded or insecurely stored credentials
• Advising on secure management of secrets (e.g., passwords, API keys, certificates)
• Supporting the use of secrets management solutions

Governance & Awareness in the Technical Environment:

• Translating security requirements into actionable technical measures
• Close collaboration with IT operations, architecture, DevOps, and application teams
• Contributing to the development of security policies and standards
• Training and raising awareness of technical teams on cyber hygiene topics

Formal Education:

Bachelor’s degree or higher in Information Security, Computer Science, Computer Engineering, or a related field.

Specialist knowledge (work experience, further qualification):

• 3+ years of relevant experience in cybersecurity — preferably within the Banking and Finance industry.
• Proven practical experience in operational vulnerability management.
• Knowledge of system, application, and network hardening as well as relevant security standards and frameworks
• Experience with secrets management solutions (e.g., HashiCorp Vault, CyberArk, Azure Key Vault, or similar) is desirable
• Understanding of regulatory requirements in the financial sector
• Strong risk awareness and structured working approach
• Ability to communicate technical matters effectively to target audiences
• High degree of initiative and sense of responsibility
• Team orientation and assertiveness in security-related issues
• Excellent English language skills