IT Security Officer/ Chuyên Viên Bảo Mật & An Toàn Thông Tin

1. Security Architecture and Implementation: Design and implement comprehensive security architecture to protect computer systems, networks, and sensitive information. Deploy and manage security technologies such as SIEM, SOC, IDS/IPS, Firewalls, Web Gateway, Endpoint Protection, WAF, DLP and NAC. Ensure continuous monitoring and adjustment of these measures.
2. Vulnerability Assessment: Plan and conduct regular vulnerability scans and penetration tests to identify security gaps. Evaluate results, prioritize risks, and implement remediation actions to address identified vulnerabilities and strengthen security defenses.
3. Threat Defense: Establish and manage robust defense mechanisms to protect IT infrastructure from unauthorized access, data breaches, modifications, and destruction. This includes continuously monitoring and defending against both internal and external threats.
4. Incident Response: Develop and maintain an incident response plan. Detect, assess, and respond swiftly to security incidents to minimize damage and prevent recurrence. Conduct thorough post-incident analysis to determine the root cause and impact and prepare detailed reports on security breaches and lessons learned.
5. Security Solutions Research: Conduct research to identify, evaluate, and recommend security solutions and technologies that address current and emerging threats. Analyze industry trends, security frameworks and best practices to ensure the organization adopts effective and up-to-date security measures.
6. Access Review: Periodically review user access (monthly or semi-annually) to ensure access controls are appropriate and align with security policies and best practices. Make necessary adjustments to access rights to prevent unauthorized access.
7. Risk Assessment and Mitigation: Conduct comprehensive Security risk assessments to identify potential vulnerabilities and threats. Analyze and prioritize risks, present findings to stakeholders, and develop and implement strategic mitigation plans to reduce risk exposure and enhance overall security posture.
8. Security Policy Development: Develop, review and continuously update cybersecurity policies and standards to ensure they align with industry's best practices, compliance requirements, and regulatory frameworks at local, state, and federal levels. Establish guidelines for secure system configurations, incident response, user access and data protection.