Security Risk

**JOB OVERVIEW**

We are looking for 03 Security Risk to join SAS - Cyber Security Assurance Service Teams. As a provider of cybersecurity services, SAS focuses on three key areas:
2. Security Engineering - offering consulting, design, and development of security systems, with a strong focus on cloud platforms such as AWS and Azure;
3. Managed Security Services - delivering outsourced solutions for the operation, monitoring, threat detection, and incident response in information security.

At SAS, we not only deliver high-quality solutions but also create a dynamic and growth-oriented working environment:

- Opportunities to learn and develop through training programs, certifications, and real project experience
- Financial support of up to $2,000 per year for at least two professional certificates
- Work exclusively with international clients from the EU, US, Japan, Korea, Singapore, and more
- Opportunities for onsite assignments abroad, both short-term and long-term.

**RESPONSIBILITIES**
- The role is accountable for performing initial triaging and analysis of security incident tickets generated by multiple detection and monitoring systems, including:

- The role evaluates alerts, distinguishes false positives from genuine threats, and escalates incidents requiring advanced investigation to senior security teams or third-party providers.
- In addition to incident management, the role supports global service request tickets, handling security-related documentation such as risk questionnaires, compliance certificates, audit reports, and third-party assessments.

**REQUIREMENTS**

**_ Security Fundamentals:_**
- Strong understanding of cybersecurity principles: Confidentiality, integrity, availability, threat modelling, risk assessment, and control frameworks (e.g., NIST, ISO 27001, SOC2, PCI DSS).
- Knowledge of common threats and vulnerabilities: Malware, phishing, ransomware, social engineering, DDoS attacks, and data breaches.
- Experience with security controls: Firewalls, intrusion detection/prevention systems (IDS/IPS), antivirus/antimalware, encryption, access control, and data loss prevention (DLP).

**_Security Operations:_**
- Incident triage, investigation, and escalation.
- Threat hunting and analysis.
- Root cause analysis and remediation.
- Incident reporting and documentation.
- Security Monitoring: Proficiency in monitoring security logs and alerts from various security tools (e.g., SIEM, EDR).
- Threat Intelligence: Ability to analyse threat intelligence feeds (e.g., from BlueVoyant) and identify potential threats to projects.
- Working knowledge of third-party risk management platforms including UpGuard, CyberGRX, OneTrust.

**_Compliance and Risk Management:_**
- Understanding and working knowledge of risk and security regulations and standards: GDPR, ISO 27001, ISO 31000 etc.
- Experience with risk assessments and audits: Conducting vulnerability assessments, penetration testing, and third-party risk assessments.
- Ability to interpret and analyse security policies and procedures.

**_Nice to have_**

**WHAT COMPANY OFFERS**
- Salary range: upto $3000
- Performance-based bonuses up to 1-3 months’ salary
- FPT Care insurance plan tailored for FPT employees
- Attractive annual summer vacation allowance
- Sponsored training courses for personal growth and up to 100% coverage for certification costs
- Global and inclusive workplace with monthly cross-cultural events
- International exposure and career growth across global locations
- Work-life balance benefits with a flexible leave policy and annual health check-ups to support employee well-being

**Offered Salary**

$3000-$5000

**Career Level**

Junior

**Experience**

2 Years