Cyber Security Specialist
Taipei / KKBOX Group - Engineering / Permanent
KKBOX Group is Asia’s leading music entertainment company. Started by a group of music loving Internet software developers, we built and launched one of the world’s first music streaming services in 2005. Based in Taipei, the heart of Chinese pop music, we gradually grew our business from Taiwan out to Hong Kong, Singapore, Malaysia and Japan. Ever curious towards reinvention and discovering new business models of the future, we have expanded our business scope from music streaming to live events, technology services, content, investments and continue to explore reinvention through innovation in the digital entertainment space.
We are seeking a Security Engineer with experience to help KKBOX Group companies improve our security operations that focus on system protection, incident responding, policies and procedures, which keeps us away from the business risks.
In this role, you will work with both management support units and other business units to execute the group-level security plans. You will design security policies, implement related practices, investigate security events, and provide security training to the employees, in order to strengthen our digital resilience.
We are finding partners who love toCollaborate with cross-functional teams to deliver new processes and systems.Lead projects, set direction, manage cross-project priorities, deadlines and deliverables.Foster a culture of strong team collaboration and technical excellence.Adapt technology and methodology to solve the real world problems.Know WHY more than HOW, both in technical and non-technical domain.Take new problems or inexperienced skills as opportunities to learn and to share.Have the growth mindset to embrace any possibilities and willing to communicate.
Responsiblities:Investigate information security related issues.Implement security practices and improvements.Perform security risk assessments and evaluations.Identify and define information security requirements.Participate in the process of security issue management.Test digital infrastructure and report for possible threats vulnerabilities.Create and communicate company-wide security plans and procedures.Information security training.
Requirements:2+ years of prior relevant working experienceUnderstanding of DNS, TCP/IP, HTTP(s), SSL/TLS, OSI modelProficiency in scripting languages (e.g. Shell Script, PowerShell, Python)Excellent English reading and good English writingAt least familiar with one of the following systems: Windows, Linux, FreeBSD, macOS
Nice to have:Knowledge of cyber security best practices.Familiarity with OWASP top ten web application security risks.Familiarity with one of the most popular public cloud platforms. (e.g. AWS, Azure or GCP)Experience in system administration.Experience in network management or monitoring, firewall or IDS/IPS management.Experience of vulnerability scanning, penetration test, or code scanning.Experience of developing and implementing security procedures and policies.Experience of using various open source tools and technologies to solve problems.Security related certification, e.g.:1. CCNA security2. CEH (Certified Ethical Hacker)3. CPSA (EC-Council Certified Security Analyst)4. CHFI (Computer Hacking Forensic Investigator)5. CISSP (Certified Information Systems Security Professional)6. ECSA (EC-Council Certified Security Analyst)