ROLE PURPOSE

The candidate is responsible for implementing and maintaining security controls across the bank’s cloud environments, endpoints, and on-premises infrastructure. This role supports the secure operation of core platforms by ensuring alignment with internal policies, regulatory standards, and industry best practices. The position requires strong technical capabilities, a deep understanding of modern infrastructure security, and effective collaboration with IT, DevOps, and Security Operations teams.

JOB RESPONSIBILITIES

Infrastructure & Platform Security

• Deploy and manage security technologies across servers, databases, networks, and virtualization platforms
• Enforce baseline configurations, hardening guidelines, and vulnerability remediation for infrastructure components
• Support implementation of network segmentation, firewalls, IDS/IPS, SIEM, PAM, and DDoS protections
• Collaborate with IT teams to validate secure configurations and operationalize security requirements

Cloud Security

• Implement security controls for multi-cloud and hybrid environments (e.g., AWS, Azure, GCP, Alibaba Cloud)
• Support integration of CASB, CSPM, and CWPP solutions to ensure cloud workload protection and policy enforcement
• Work with DevOps teams to embed security within CI/CD pipelines and infrastructure-as-code practices
• Monitor cloud configurations and services to detect misconfigurations and compliance deviations

Endpoint Security

• Maintain endpoint protection platforms including EDR/XDR for servers, desktops, laptops, and mobile devices
• Ensure consistent application of patching, hardening, and configuration standards across endpoint environments
• Assist in triage and remediation of endpoint-related incidents in coordination with the SOC

Threat Detection & Incident Response

• Support incident response activities related to infrastructure, cloud, or endpoint systems
• Perform root cause analysis, recommend corrective actions, and assist in recovery efforts
• Contribute to the development and testing of incident response, disaster recovery, and business continuity plans

Compliance & Risk Management

• Ensure platform controls align with regulatory frameworks such as ISO 27001, NIST CSF, PCI-DSS, MAS TRM, and local banking standards
• Assist with internal and external audits by providing evidence of control design and effectiveness
• Participate in security assessments, risk reviews, and technical remediation planning

Education & Special Training 
Essential

• Degree/Diploma in Computer Technology, Computer Science, Information Security, Cybersecurity, Computing, IT or equivalent

Desirable

• Equivalent experience and certifications (e.g., CCSP, AWS/Azure Security Specialty Certifications) are also considered.

Experience
Essential 

• 3–5 years of hands-on experience in platform, infrastructure, or cloud security engineering
• Strong understanding of cloud and on-prem infrastructure security principles and technologies
• Proven track record in implementing cloud security strategies (Alibaba, AWS, Azure, GCP) and managing on-premises security infrastructure
• Experience working with banking security frameworks, regulatory compliance, and risk management
• Hands-on experience in security operations, incident response, and threat intelligence
• Proficiency in tools such as firewalls, SIEM, EDR/XDR, IDS/IPS, vulnerability scanners, and PAM
• Familiarity with scripting and automation (e.g., Python, Bash, PowerShell, Terraform) is an advantage

Desirable

• Experience in the financial or banking sector

Knowledge & Skills 

• Strong knowledge of cloud security frameworks, best practices, and technologies, including IAM, encryption, compliance standards, and the shared responsibility model
• Proven expertise in endpoint security solutions such as EDR, XDR, DLP, and MDM across diverse environments
• In-depth understanding of network security concepts, including firewalls, IDS/IPS, VPNs, and zero-trust architecture
• Strong analytical and problem-solving capabilities with the ability to evaluate risks and implement effective security measures
• Experienced in managing cybersecurity projects and coordinating with third-party security vendor

Languages

• Excellent verbal and written communication skill; both in Myanmar and English