937 Cybersecurity jobs in Malaysia

Join our dynamic Technology Cyber Security and Red Team to explore the cutting edge of offensive cybersecurity. This role focuses on open-source tool exploration, scripting, developing tools for phishing, security incidents, penetration testing, and offensive security research. You'll work in a hands-on environment, contributing to vital projects while developing your skills in cybersecurity innovation.

Duties and Responsibilities:

• Offensive Security Research: Explore and analyze open-source tools and methodologies in offensive security.
• Scripting and Tool Development: Create scripts and tools for phishing simulations, security incident response, and penetration testing.
• Penetration Testing and Vulnerability Analysis: Assist in conducting penetration tests and vulnerability assessments when needed , identifying potential security risks together with Digital Hub team .
• Phishing Simulation and Incident Response: Develop and conduct phishing simulation campaigns and support incident response scenarios.
• Project Management and Documentation: Manage project timelines, ensure thorough documentation, and coordinate among different team components.
• Stay up-to-date on the latest security threats and vulnerabilities.

Requirements:

• Degree in Computer Science, Cybersecurity, Information Technology, or a related field.
• Basic understanding of cybersecurity principles and eagerness to learn.
• Familiarity with programming/scripting languages (Python, Bash, etc.).
• Basic knowledge of network and application security.
• Strong understanding of network security concepts, TCP/IP protocols, and common vulnerabilities.
• Experience with penetration testing tools (e.g., Burp Suite, Metasploit, Nmap).
• Excellent problem-solving and analytical skills.
• Strong organizational and communication abilities.
• Curiosity and passion for cybersecurity

Added Advantages:

• Experience with Capture the Flag (CTF) competitions.
• Engagement with platforms like Tryhackme, Hackthebox, PentestLab and etcs.
• Active participation in cybersecurity communities and conferences.

What We Offer:

• A collaborative and innovative environment.
• Hands-on experience with real-world cybersecurity challenges.
• Guidance and mentorship from industry experts.
• Opportunity to contribute to impactful cybersecurity projects.

Benefits:

• Hybrid and flexible working arrangement
• Leaves: Annual Leave, Medical Leave, Hospitalization Leave, Special Leave.
• Medical Benefits – Sunway Medical Insurance for Outpatient & Inpatient inclusive for dependents.
• Dental and Optical benefits.
• Group Term Life & Personal Accident Insurance Scheme.
• Executive Health Screening for confirmed executive.
• Salary increment based on individual performance.
• Bonus based on company & individual performance.
• Career Development: Training and certification sponsored by the company, Annual Talent Review, Career Planning.
• Rewards and recognition: Long Service Award.
• Additional Benefits: Staff Discount (i.e. ThemePark, Hospitality, Education, Property, Medical, Retail, Food & Beverages), Sports and Recreational, Family Day, Annual Dinner, Flexible Working Arrangement for working mothers.
• Open communication. Young, energetic and fun working environment.

Are you ready to elevate your working skills and experience? Click the 'Apply Now' and you are one step ahead to an outstanding career.

Our recruitment team will reach out to shortlisted candidates only.

Sunway Services Sdn Bhd

Overview

Mindvalley is seeking a Cybersecurity Engineer to strengthen the overall security posture of our platforms, endpoints, cloud services, and applications. This role goes beyond traditional AppSec — you will work across engineering, product, and IT teams to remediate vulnerabilities, improve security tool configurations, and design automated workflows that reduce manual security effort. If you're someone who loves getting hands-on, enjoys teaming up across functions, and gets excited about using AI and automation to turn complex security challenges into streamlined, scalable solutions — we want to hear from you.

• Triage and investigate security alerts from multiple sources (e.g., CrowdStrike, GuardRails, ASM, GCP, GWS).
• Work with Tech, Product, and IT teams to remediate vulnerabilities, misconfigurations, and incidents.
• Improve detection and prevention by tuning/configuring GCP, GWS, and other security tools.
• Automate repetitive security processes (e.g., alert filtering, access reviews, vulnerability reporting) using scripting, APIs, or workflow automation platforms.
• Conduct periodic application and infrastructure security assessments.
• Participate in secure SDLC by providing feedback to engineering teams.
• Document processes and contribute to Mindvalley’s PSPG framework (policies, standards, procedures, guidelines).

• 3–5 years in cybersecurity operations, cloud security, or vulnerability management.
• Solid understanding of web/app/API vulnerabilities (OWASP Top 10) and cloud security basics (preferably GCP/GWS).
• Experience with at least one scripting/automation language (Python, JS, or automation platforms like Make.com).
• Familiarity with vulnerability management and SIEM/log analysis tools.
• Strong problem-solving skills; able to balance firefighting with long-term improvements.
• Preferred: certifications (e.g., OSCP, GCP Security Engineer), prior experience automating security workflows, or participation in bug bounty/security communities.

Mindvalley is an equal opportunity employer and does not discriminate on the basis of race, colour, religion, gender identity or expression, national origin, age, disability, marital status, sexual orientation, or any other legally protected status. We are committed to creating a diverse and inclusive workplace and encourage applications from all qualified individuals.

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia Tech Titan

Flexible to accommodate urgent customer needs over weekends and public holidays

Perform tasks such as issues, deploying products, collecting artefacts for debugging

Provide high quality technical support by helping customers resolve issues including explaining usage, debugging failures, pinpointing problems, implementing workarounds, increasing performance, improving security, and determining root causes

Documenting all support issue details while supporting customers to ensure details are available for all relevant parties

Work cooperatively with team members to arrive at issue resolution as per Service Level Agreement before escalating to engineering team

Contribute, maintain, and improve knowledge base articles, training materials, and other repositories of information

Report customer use cases, requirements, enhancement requests, and recommend fixes

Practice the give and take model of knowledge and experience exchange by sharing information to the team

Constantly improving job skills through participation in product, technology, and customer service training as it is made available

Participate in improving processes, communication, systems, etc.

Demonstrated Required Skills and Abilities:

Graduated with Bachelor's Degree in Computer Science or Engineering or equivalent technical experience

Able to communicate in English (written)

For Mac, Windows, Linux, iOS, or Android

In Xcode, Visual Studio, Android Studio, or Eclipse

Ability to troubleshoot system issues

Fundamental understanding of computer architecture and low-level details of the programming languages used by the products you are supporting

Interest and experience in security a great advantage

Ability to work effectively with a remote team using modern, collaborative tools such as Microsoft Teams, Zoom, and Webex

Strong customer service skills ability to work with customers in a manner that is professional, compassionate, and effective

Ability to synthesize and clearly communicate complex technical issues to technical and non-technical audiences at all levels, both internally and externally

Office Hours: Monday - Friday, 9am - 6pm

Smart Casual Fridays

Salary is negotiable depending on experience

The Assistant Vice President (AVP), Cybersecurity is a leadership role responsible for the end-to-end management and strategic direction of CARSOME's cybersecurity program. This role is responsible for driving the delivery of Governance, Risk & Compliance (GRC), Security Operations, Cloud Security, and Product Security initiatives. The AVP will lead a team of security professionals to implement foundational security controls, meet audit expectations, and support strategic expansion in alignment with the Cybersecurity Strategy 2025 and ISO 27001 standards.

Key Responsibilities:

A. Leadership & Strategy:

• Provide strategic leadership and direction for the cybersecurity function, aligning with CARSOME’s overall business objectives and risk appetite.
• Develop and implement a comprehensive cybersecurity program to drive growth in the maturity of CARSOME's cybersecurity posture.

B. Governance, Risk & Compliance (GRC):

• Establish and maintain a structured governance framework aligned with ISO 27001.
• Oversee the development and enforcement of security policies, risk assessments, and compliance monitoring.
• Ensure continuous security monitoring and reporting to Exco for improved oversight.
• Establish a formal risk treatment plan and risk acceptance criteria.
• Lead internal policy enforcement, risk register management, audit liaison, and vendor risk review.

C. Security Operations:

• Oversee security operations and information security incident response, ensuring timely detection, analysis, and remediation of security incidents.
• Ensure timely review of threat intel supplied by SIEM monitoring, MSOC and other relevant sources.
• Drive outcomes from managed services, such as Managed SOC, DFIR, and VAPT, to triage alerts and defend audit controls.
• Lead the implementation of cloud-native security tooling and drive CI/CD pipeline hardening in partnership with Engineering & DevOps teams.
• Ensure the security of cloud workloads and infrastructure during the AWS-to-GCP migration.
• Oversee the integration of SAST, DAST, and SCA security testing tools into CI/CD pipelines.
• Consolidate Application Security (AppSec) and Product Security (ProdSec) into a unified Product Security function.

E. Team Management & Development:

• Lead and manage a team of security engineers and analysts, providing guidance, mentorship, and professional development opportunities.
• Foster a security-first mindset and promote security awareness across the organization.
• Collaborate with Engineering, DevOps, Product, Legal, IT, and Business Operations teams to prioritize security across all functions.
• Communicate effectively with leadership and stakeholders on the status of the cybersecurity program, risks, and mitigation strategies.

G. Budget Management:

• Manage the cybersecurity budget, ensuring efficient allocation of resources to support key initiatives.

Qualifications & Experiences:

• Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field.
• Minimum of 10 years of experience in cybersecurity, with at least 5 years in a leadership role.
• Strong understanding of cybersecurity frameworks, such as ISO 27001, NIST, and SOX.
• Experience with cloud security, DevSecOps, and incident response.
• Excellent leadership, communication, and interpersonal skills.
• Must demonstrate the ability to translate strategy into execution through verifiable examples of past security program implementations, not just theoretical knowledge.

CARSOME is Southeast Asia’s largest integrated car e-commerce platform. With operations across Malaysia, Indonesia, Thailand and Singapore, CARSOME aims to digitize the region’s used car industry by reshaping and elevating the car buying and selling experience.

CARSOME provides end-to-end solutions to consumers and used car dealers, from car inspection to ownership transfer to financing, promising a service that is trusted, convenient and efficient. CARSOME currently transacts around 100,000 cars annually and has more than 2,000 employees across all its offices.

CARSOME is an equal opportunities employer and welcomes applications from diverse candidates.

Press Tab to Move to Skip to Content Link

Select how often (in days) to receive an alert:

The Cybersecurity Manager will lead the organisation's security posture, deliver the execution of key security initiatives in the GDC air gapped and hybrid environments, and support Gamuda Dnex Cloud’s market presence within the specialised air gapped sovereign cloud sector. This role demands a unique blend of technical cybersecurity expertise, robust management skills, and a strong operations acumen to navigate the complexities of this highly regulated and security-sensitive market.

1. Cybersecurity Operations Management & Support

• Manage 24/7 security monitoring through SIEM, EDR, IDS/IPS.
• Lead incident response processes including triage, containment, recovery, and reporting.
• Conduct threat hunting and integrate controlled threat intelligence sources.
• Maintain post-incident analysis and manage security documentation.

2. Vulnerability Management

• Perform vulnerability assessments and categorization using tools like Tenable/Nessus.
• Manage secure patch acquisition and deployment with validation and rollback procedures.
• Enforce secure system configurations and monitor unauthorized changes.

3. Identity & Access Management (IAM)

• Monitor access logs for anomalies and enforce least privilege principles.
• Manage privileged access (PAM), and oversee authentication token issuance and revocation.
• Conduct periodic audits of access rights and activities.

4. Data Security

• Manage encryption key lifecycle and monitor Hardware Security Modules (HSM).
• Implement data loss prevention (DLP) strategies within air-gapped constraints.

5. Compliance & Auditing

• Maintain and secure audit logs for user, admin, and system activity.
• Monitor and report on compliance with frameworks like NIST, FedRAMP, and FIPS.
• Support external audits, regulatory reviews, and compliance reporting.

6. Security Engineering & Optimisation

• Manage and optimize security tools (SIEM, EDR, SOAR).
• Implement automation to improve threat detection and incident response.
• Maintain playbooks and regularly update security documentation.
• Drive continuous improvement of cybersecurity processes and tooling
• Lead a team of cybersecurity professionals with focus on sovereign cloud and air-gapped operations.
• Provide technical training, mentorship, and ensure knowledge transfer within the team.
• Manage relationships with regulators, auditors, and government clients.
• Promote a culture of compliance, security awareness, and operational excellence.

• Bachelor's degree in Computer Science, Cybersecurity, or a related field
• 6-8+ years of experience in cybersecurity, with a focus on SecOps management, security architecture, and SIEM/SOAR development within highly regulated or security-sensitive industries.
• Deep understanding of air-gapped environments, sovereign cloud solutions, and national security regulations.
• Proven experience in managing complex security programs and projects within restricted or isolated environments. Experience in Chronicle would be an advantage for this role.
• Strong support experience in developing and executing cybersecurity and Modern SecOps strategies for complex technical solutions.
• Project management skills, including knowledge of project management methodologies (e.g., PMP, Agile/Scrum).
• Strong leadership, communication, and interpersonal skills.
• Ability to work effectively in a fast-paced and dynamic environment.
• Relevant cybersecurity certifications (e.g., CISSP, CISM, Palo Alto Certified/Admin/Architect, Splunk Enterprise Architect/Admin/Power User, Modern SecOps,CEH).

Preferred Qualifications:

• Experience working with government agencies or critical infrastructure providers.
• Experience with cloud security and compliance frameworks specific to sovereign cloud environments.
• Strong network of contacts within the government and defense sectors.
• Experience with security automation and orchestration in air-gapped environments. Key

• Air-gapped security architecture and implementation
• Sovereign cloud compliance and governance
• Programme and project management in restricted environments
• Business development and sales in the government sector
• Incident response and security operations in isolated environments
• Risk management and compliance
• Team leadership and development
• Communication and stakeholder management

• 6-8+ years of experience in cybersecurity, with a focus on SecOps management, security architecture, and SIEM/SOAR development within highly regulated or security-sensitive industries.

Press Tab to Move to Skip to Content Link

The Cybersecurity Manager will lead the organisation's security posture, deliver the execution of key security initiatives in the GDC air gapped and hybrid environments, and support Gamuda Dnex Cloud’s market presence within the specialised air gapped sovereign cloud sector. This role demands a unique blend of technical cybersecurity expertise, robust management skills, and a strong operations acumen to navigate the complexities of this highly regulated and security-sensitive market.

1. Cybersecurity Operations Management & Support

• Manage 24/7 security monitoring through SIEM, EDR, IDS/IPS.
• Lead incident response processes including triage, containment, recovery, and reporting.
• Conduct threat hunting and integrate controlled threat intelligence sources.
• Maintain post-incident analysis and manage security documentation.

2. Vulnerability Management

• Perform vulnerability assessments and categorization using tools like Tenable/Nessus.
• Manage secure patch acquisition and deployment with validation and rollback procedures.
• Enforce secure system configurations and monitor unauthorized changes.

3. Identity & Access Management (IAM)

• Monitor access logs for anomalies and enforce least privilege principles.
• Manage privileged access (PAM), and oversee authentication token issuance and revocation.
• Conduct periodic audits of access rights and activities.

4. Data Security

• Manage encryption key lifecycle and monitor Hardware Security Modules (HSM).
• Implement data loss prevention (DLP) strategies within air-gapped constraints.

5. Compliance & Auditing

• Maintain and secure audit logs for user, admin, and system activity.
• Monitor and report on compliance with frameworks like NIST, FedRAMP, and FIPS.
• Support external audits, regulatory reviews, and compliance reporting.

6. Security Engineering & Optimisation

• Manage and optimize security tools (SIEM, EDR, SOAR).
• Implement automation to improve threat detection and incident response.
• Maintain playbooks and regularly update security documentation.
• Drive continuous improvement of cybersecurity processes and tooling
• Lead a team of cybersecurity professionals with focus on sovereign cloud and air-gapped operations.
• Provide technical training, mentorship, and ensure knowledge transfer within the team.
• Manage relationships with regulators, auditors, and government clients.
• Promote a culture of compliance, security awareness, and operational excellence.

• Bachelor's degree in Computer Science, Cybersecurity, or a related field
• 6-8+ years of experience in cybersecurity, with a focus on SecOps management, security architecture, and SIEM/SOAR development within highly regulated or security-sensitive industries.
• Deep understanding of air-gapped environments, sovereign cloud solutions, and national security regulations.
• Proven experience in managing complex security programs and projects within restricted or isolated environments. Experience in Chronicle would be an advantage for this role.
• Strong support experience in developing and executing cybersecurity and Modern SecOps strategies for complex technical solutions.
• Project management skills, including knowledge of project management methodologies (e.g., PMP, Agile/Scrum).
• Strong leadership, communication, and interpersonal skills.
• Ability to work effectively in a fast-paced and dynamic environment.
• Relevant cybersecurity certifications (e.g., CISSP, CISM, Palo Alto Certified/Admin/Architect, Splunk Enterprise Architect/Admin/Power User, Modern SecOps,CEH).

Preferred Qualifications:

• Experience working with government agencies or critical infrastructure providers.
• Experience with cloud security and compliance frameworks specific to sovereign cloud environments.
• Strong network of contacts within the government and defense sectors.
• Experience with security automation and orchestration in air-gapped environments. Key

• Air-gapped security architecture and implementation
• Sovereign cloud compliance and governance
• Programme and project management in restricted environments
• Business development and sales in the government sector
• Incident response and security operations in isolated environments
• Risk management and compliance
• Team leadership and development
• Communication and stakeholder management

• 6-8+ years of experience in cybersecurity, with a focus on SecOps management, security architecture, and SIEM/SOAR development within highly regulated or security-sensitive industries.

Responsibilities

• Monitor and enforce data protection policies and procedures to ensure compliance with industry standards (e.g., ISO 27001, GDPR, HIPAA).
• Identify and assess cybersecurity risks and implement appropriate mitigation strategies.
• Oversee data safety audits, vulnerability assessments, and penetration testing in the data centre environment.
• Collaborate with IT and cybersecurity teams to respond to data breaches or incidents, ensuring timely reporting and remediation.
• Maintain and update data classification and handling protocols.
• Ensure secure storage, transmission, and backup of sensitive data.
• Conduct training sessions on data safety, cybersecurity awareness, and best practices for staff and contractors.
• Maintain logs of data access and ensure the use of encryption, authentication, and access control mechanisms.
• Work with legal and compliance teams on regulatory audits and documentation.
• Develop and update incident response plans and business continuity strategies.

• Bachelors degree in Cybersecurity, Information Security, Computer Science, or a related field.
• 3+ years of experience in a cybersecurity or data protection role, preferably within a data centre environment.
• Certifications such as CISSP, CISM, CEH, or CompTIA Security+ are preferred.
• Strong knowledge of data protection laws, cybersecurity frameworks, and best practices.
• Experience with security tools like SIEM, DLP, IDS/IPS, and endpoint protection solutions.
• Excellent analytical, communication, and problem-solving skills.

About You

The Assistant Vice President (AVP), Cybersecurity is a leadership role responsible for the end-to-end management and strategic direction of CARSOME's cybersecurity program. This role is responsible for driving the delivery of Governance, Risk & Compliance (GRC), Security Operations, Cloud Security, and Product Security initiatives. The AVP will lead a team of security professionals to implement foundational security controls, meet audit expectations, and support strategic expansionin alignment with the Cybersecurity Strategy 2025 and ISO 27001 standards.

Key Responsibilities:

A. Leadership & Strategy:

• Provide strategic leadership and direction for the cybersecurity function, aligning with CARSOME’s overall business objectives and risk appetite.
• Develop and implement a comprehensive cybersecurity program based, to drive growth in the maturity of CARSOME's cybersecurity posture.

B. Governance, Risk & Compliance (GRC):

• Establish and maintain a structured governance framework aligned with ISO 27001.
• Oversee the development and enforcement of security policies, risk assessments, and compliance monitoring.
• Ensure continuous security monitoring and reporting to Exco for improved oversight.
• Establish a formal risk treatment plan and risk acceptance criteria.
• Lead internal policy enforcement, risk register management, audit liaison, and vendor risk review.

C. Security Operations:

• Oversee security operations and information security incident response, ensuring timely detection, analysis, and remediation of security incidents.
• Ensure timely and review of threat intel supplied by SIEM monitoring, MSOC and other relevant sources.
• Drive outcomes from managed services, such as Managed SOC, DFIR, and VAPT, to triage alerts and defend audit controls.

D. Cloud & Product Security:

• Lead the implementation of cloud-native security tooling and drive CI/CD pipeline hardening in partnership with Engineering & DevOps teams.
• Ensure the security of cloud workloads and infrastructure during the AWS-to-GCP migration.
• Oversee the integration of SAST, DAST, and SCA security testing tools into CI/CD pipelines.
• Consolidate Application Security (AppSec) and Product Security (ProdSec) into a unified Product Security function.

E. Team Management & Development:

• Lead and manage a team of security engineers and analysts, providing guidance, mentorship, and professional development opportunities.
• Foster a security-first mindset and promote security awareness across the organization.

F. Collaboration & Communication:

• Collaborate with Engineering, DevOps, Product, Legal, IT, and Business Operations teams to prioritize security across all functions.
• Communicate effectively with leadership and stakeholders on the status of the cybersecurity program, risks, and mitigation strategies.

G. Budget Management:

• Manage the cybersecurity budget, ensuring efficient allocation of resources to support key initiatives.

Qualifications & Experiences:

• Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field.
• Minimum of 10 years of experience in cybersecurity, with at least 5 years in a leadership role.
• Strong understanding of cybersecurity frameworks, such as ISO 27001, NIST, and SOX.
• Experience with cloud security, DevSecOps, and incident response.
• Excellent leadership, communication, and interpersonal skills.
• Must demonstrate the ability to translate strategy into execution through verifiable
• examples of past security program implementations, not just theoretical knowledge.

Overview

Join to apply for the Cybersecurity Manager role at RAPSYS TECHNOLOGIES PTE LTD .

Location: Kuala Lumpur, Malaysia

Work Mode: Work From Office

Role: Cybersecurity Manager

• Develop and implement comprehensive cybersecurity strategies
• Monitor and analyze security threats and vulnerabilities
• Ensure compliance with security policies and regulations
• Lead and mentor cybersecurity team members
• Respond to security incidents and conduct investigations
• Prepare security reports and risk assessments

• 5+ years of experience in cybersecurity management
• Strong knowledge of security frameworks and standards
• Experience with security tools and technologies
• Excellent leadership and communication skills
• Relevant cybersecurity certifications preferred
• Proven incident response and risk management experience

Ready to secure our future? Apply now and let's build stronger defenses together!

• Mid-Senior level

• Full-time

• Other

• IT Services and IT Consulting