Cybersecurity & IT Governance Experts (Security, Pen-Tester, Audit)

Job Summary: Protect the digital perimeter of one of the nation's largest and most dynamic retail tech ecosystems. You will serve as the crucial line of defense in safeguarding massive enterprise data, ensuring system integrity, proactively identifying vulnerabilities, and driving strict IT compliance across all Gosoft and affiliated platforms. This role requires a vigilant mindset to stay ahead of emerging threats and ensure that our infrastructure meets the highest global security standards.

Job Responsibilities:

• Cyber Security Operations (SecOps): * Continuously monitor network traffic and system logs for security incidents, analyzing anomalies and investigating potential data breaches.
  • Implement, configure, and manage enterprise security tools (Firewalls, SIEM, DLP, Endpoint Security) to protect the organization's infrastructure.
  • Develop and execute Incident Response (IR) plans to rapidly contain and mitigate security events.
• Penetration Testing & Vulnerability Management: * Proactively simulate sophisticated cyberattacks on corporate networks, web applications, APIs, and cloud environments (AWS, Azure, GCP).
  • Perform regular vulnerability scans, identify security gaps, and exploit weaknesses before malicious actors do.
  • Provide detailed remediation reports, technical guidance, and secure coding practices to software development teams.
• IT Audit, Risk & Compliance (Governance): * Conduct comprehensive internal IT audits, risk assessments, and gap analyses on technological processes and data management practices.
  • Ensure full compliance with legal regulations (e.g., PDPA, GDPR) and international security frameworks (e.g., ISO 27001, NIST, PCI-DSS).
  • Design and enforce IT security policies, procedures, and disaster recovery (DR) protocols across the organization.

Job Requirements:

• Junior (0-3 years): Strong foundational knowledge of network protocols, operating systems (Linux/Windows), and basic risk assessment. Eager to learn the latest threat landscapes, with hands-on academic or foundational experience in security tools.
• Mid-Senior (3-7 years): Capable of executing complex penetration tests, managing SIEM platforms, or leading internal IT audits independently. Can clearly translate and communicate technical security risks to non-technical stakeholders and management.
• Expert / Specialist (7+ years): Master-level expertise in enterprise security architecture or IT governance. Capable of driving organizational-wide security strategies, mentoring technical teams, and managing high-stakes compliance audits.

Skills / Tools & Technology:

• Security Operations: SIEM (Splunk, QRadar, ELK), EDR/MDR, IDS/IPS, WAF, DLP, IAM.
• Penetration Testing: Burp Suite, Metasploit, Nessus, Nmap, Wireshark, Kali Linux, Fortify, SonarQube.
• Governance Frameworks: ISO 27001, NIST Cybersecurity Framework, GDPR/PDPA, ITIL, COBIT, PCI-DSS.

Professional Certifications (Highly Preferred / Advantageous):

• For Security/Pen-Tester: CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional), CompTIA Security+, CISSP (Certified Information Systems Security Professional), CySA+.
• For Audit/Governance: CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), CRISC, ISO 27001 Lead Auditor / Implementer.

Application Confidentiality & Future Opportunities: All applications will be treated with the strictest confidentiality. If your qualifications and experience align with the requirements of the role, our talent acquisition team will reach out to you directly. In the event that there is not an immediate fit, we will securely retain your profile for consideration against future suitable opportunities.

To explore other exciting career opportunities with us, please visit: https://www.careers-page.com/gosoftthailandcoltd