Senior Information Security Engineer
Taipei / KKCompany - Engineering / Permanent
Asia’s leading technology group, KKCompany Technologies (KKCompany), is a leader in software services. Our mission is to build “Freeways to Inspiration” and help industries achieve digital transformation. By creating technology highways with partners, we deliver our services around the world and drive value creation through future technology.
In addition to our flagship brands KKBOX, KKStream, and Going Cloud, our core technologies cover various fields such as music streaming, multimedia, and cloud services. Through a range of products and services, we help customers create commercial value. We also offer software services and solutions to over tens of millions of customers with corporate clients across Asia covering various industries such as telecommunications, entertainment and multimedia, media, education, and fitness centers.
We have over 500 employees across offices in Tokyo, Singapore, Taipei, Kaohsiung, and Hong Kong.
Responsibilities:
Security issue managementDiscover security vulnerabilitiesConduct regular security assessmentsInternal security education training programIntegrate security tools with CI/CD pipelinesDesign security related policies and guidelinesDesign or review security related workflow and SOPReview digital infrastructure and information systemsCooperate with IT and service operation team to secure our servicesAnalyze, assess, and respond to various information security incidents and risksDesign countermeasures, mitigations, and containment of information security incidentsRequirements:
Excellent communication skillsExcellent English reading and good English writingFamiliarity with one BSD or GNU/Linux OS distributionsKnowledge and skills of penetration testing tools or vulnerability scannerKnowledge of CDN, DNS, HTTP, VPN, TCP/IP, TLS, OSI model and REST APIExperience in cloud computingExperience in using container technology like: DockerExperience in using version control system like: GitExperience in software development or system administrationExperience with an interpreted language (PHP , Python, Ruby, or Shell Script)Familiarity with issue tracking / project management tools like: GitLab, Trac or JiraB.S or M.S degree in Computer Science, Security related field, or equivalent practical experienceNice to have:
Ability to interpret basic SQL queriesAbility to discuss, explain and summarize complex, technical topicsContributions to the security or open source communityExperience in IT or IT securityExperience in monitoring and alerting toolsExperience in Privileged Account ManagementExperience in MDM solutions like Microsoft Intune or JamfExperience in network management, firewall, IDS/IPS or SIEMExperience in OpenLDAP, Microsoft AD or Azure AD managementExperience in using various open source tools and technologies to solve problemsFamiliarity with secure coding practicesFamiliarity with OWASP top ten web application security risksCCSP, CISSP, CHFI, CND, CEH, CEH Practical or OSCP certificationKnowledge and skills of SAST, DAST toolsKnowledge about security frameworks like ISO 27000 series, PCI-DSS, NIST CSF