Vacancies available in Nettium Sdn Bhd

Web Security Specialist

Min 3 years


We are seeking a Web Security Specialist with experience in the information security field, an ability to
understand business and information security strategy, and the ability to support a road map of security initiatives.

The Web Security Specialist will support the work of various staff members within the IT Security department
and the ISO 27001 Information Security Management System (ISMS). This includes building partnerships with business and IT management to ensure that enterprise web security methods and controls are implemented, and that operational and web security practices are assigned, monitored, and followed through in order to mitigate threats to the company.

Under general direction, the specialist is responsible for the daily support and development of the processes and procedures that shape the company's web security protective measures, including security architecture, web security controls, web vulnerability management, and web application security.
Responsibilities include:

• Serve as the enterprise's security expert on how best to use the web security architecture and
applications to align business processes and systems with enterprise security goals.
• Design, implementation, operation, and maintenance of the Corporate Web Security program
based on industry frameworks, standards, and best practices.
• Manage a web security program that proactively collects, assesses, communicates, and
remediates web security threats, reducing the company's risk exposure and better positioning the
company against threats arriving through web and mobile applications.
• Coordinate and perform penetration testing and vulnerability assessments of
proposed web and mobile business and information technology applications and systems, and
recommend action based on the impact to the corporate information security program guidelines.
• Own the web vulnerability scanning program and conduct regular scans of company web
computing platforms to detect vulnerabilities, malware, unauthorized software, and other web
security threats and risks.
• Lead and assist with ISO 27001 implementation and certification.
• Provide specialist guidance on the interpretation of relevant national and international standards (e.g. PCI DSS, ISO 27001) with respect to the quality system.
• Provide detailed, pragmatic recommendations for control gaps and assist the organization in meeting compliance requirements.
• Continually revise quality-related documents, processes, and procedures to ensure they remain suitable for operations, and ensure amendments are reflected accordingly.
• Provide implementation support for any new gaps or changes identified by compliance assessments.

Requirements include:

• Candidate must possess at least a Bachelor's Degree, Post Graduate Diploma, or Professional Degree in Computer Science/Information Technology or equivalent.
• Skills acquired through hands-on information security experience, and experience in
Information Technology with an emphasis on information security.
• At least 3 years of directly related work experience and an understanding of web information security architecture and principles.
• Proven hands-on experience in performing IT security services or implementing solutions in the areas of ISO/IEC 27001, enterprise risk assessment, enterprise security framework, penetration testing or application security review.
• Understanding of web security standards, architecture, web security best practices and application
security best practices.
• Ability to form effective partnerships at all levels of the organization.
• Ability to define, develop, and support web security technical infrastructures, web
applications, and methodologies.
• Ability to communicate effectively, explain security technical controls and concepts, and present
content to personnel at all levels, including executives.
• Possesses working knowledge of the information security field, including but not limited to security
policies, standards, controls, guidelines, infrastructure, security technology capabilities, information
security risk assessments, configuration management, security event management, vulnerability
management, patching, and forensics.
• Possesses information security management skills in the following areas:
o Web Security Architecture
o Application Security
o White Box Testing
o Open Web Application Security Project (OWASP) standards
o Security software
o Network security systems
o Vulnerability scanning tools
• Information security certifications such as ISO 27001 Lead Auditor, Certified Information Systems Security Professional (CISSP), or Certified Ethical Hacker (CEH) are a plus.