68 Security Architect jobs in Kuala Lumpur

Overview Join to apply for the

Security Architect

role at

Eastspring Investments .

Eastspring is a global asset manager with Asia at its core. We create a culture in which diversity is celebrated and inclusion assured, for our colleagues, customers, and partners. We provide a platform for our people to do their best work and make an impact to the business, and in exchange, we support our people's career ambitions. We pledge to make Eastspring a place where you can Connect, Grow and Succeed.

Key Responsibilities

Conduct security-by-design reviews on new programs, initiatives, projects, Cloud services and technologies regionally (in-house development, Commercial Off-The-Shelf, SaaS), ensuring sufficient documentation for compliance / audit.

Collaborate with Group and Regional information security teams, as well as business stakeholders, to ensure project implementation aligns with security controls in accordance with policies, standards, guidelines, and regulations.

Take part in the security architecture blueprint and design review process for the Cloud hosted solutions.

Ensure critical vulnerabilities are tracked and remediated prior to application go-live.

Analyse, review, and approve non-standard software/technology implementations regionally.

Perform ad-hoc and periodic reviews of Proxy/Network/Firewall requests, designs, and configurations in Eastspring.

Provides advisory and consultation to business units, business owners, and project teams for any Cloud Security related matters.

Create a culture of security-by-design awareness by conducting related training for LBUs and other relevant stakeholders.

Create, maintain, and update relevant security policies, standards, and operating procedures for Eastspring.

Support the team leader with any assigned security operation tasks related to endpoint security, network security, data protection, DLP, VAPT, security alerts, and incidents.

Experience / Qualifications

Recognized degree in Computer Science or related Engineering fields.

5-10 years of demonstrated experience in reviewing and identifying gaps in architecture blueprints and designing controls, especially in the Cloud domain.

Candidates with proven experience in financial services industry is preferred.

Must be able to recommend mitigations to threat models based on threat vectors and exploits.

Good knowledge and experience with regulations, including PDPA, MAS guidelines, and technology/cybersecurity regulations in other Asian countries (e.g., Thailand, Malaysia, Taiwan).

Understanding of asset and/or wealth management businesses, including trade lifecycle and operational processes, is a plus.

Certifications such as CISA, CISSP, and CCSP are encouraged and demonstrate continuous learning and application of standard methodologies.

Ability to understand business requirements and security risks during security assessments and consultations.

Understanding of the company's business direction from products, solutions, market, and technology perspectives in the Cloud domain.

Equality & Inclusion Eastspring is an equal opportunity employer.

We provide equality of opportunity of benefits for all who apply and who perform work for our organisation irrespective of sex, race, age, ethnic origin, educational, social and cultural background, marital status, pregnancy and maternity, religion or belief, disability or part-time / fixed-term work, or any other status protected by applicable law. We encourage the same standards from our recruitment and third-party suppliers taking into account the context of grade, job and location. We also allow for reasonable adjustments to support people with individual physical or mental health requirements.

Seniority level

Mid-Senior level

Employment type

Full-time

Job function

Information Technology

#J-18808-Ljbffr

Join to apply for the Application Security Architect role at Malaysia Airlines .

Role Purpose

The role of an Application Security Architect encompasses a wide range of responsibilities centred around ensuring the security and efficient operation of software and web applications from inception to retirement. This role is pivotal in ensuring the MAG's applications are secure, compliant, and running efficiently. It requires staying abreast of the latest security trends and technologies, especially in the rapidly evolving domain of cloud-native applications.

Job Title

Application Security Architect

Reports To

Head of Cyber Security

Key Accountability

• General Accountabilities
• Integrate security tools, standards, and processes into the Product Life Cycle (PLC), ensuring compliance with SDLC and OWASP Top 10.
• Enhance API security using tools like GIT, SCA, and WebInspect.
• Improve deployment of application security tools for static analysis and runtime testing.
• Maintain secure development standards for technologies like C#, JavaScript, and PHP.
• Support incident response and architecture reviews with application security expertise.
• Develop metrics and performance analyses using platforms like Jira.
• Ensure compliance with security standards using Microsoft Security solutions.
• Integrate DevSecOps into development processes, supporting Agile, Waterfall, and SCRUM methodologies.
• Application Security Oversight
• Develop and enforce application security policies and procedures.
• Conduct security assessments using tools like WebInspect and Metasploit.
• Code and API Security Management.
• Secure application code and APIs with reviews, secure coding practices, and tools like WebInspect.
• Monitor APIs for unauthorized access and ensure compliance with standards.
• CNAPP Administration
• Manage Cloud-Native Application Protection Platforms to address security threats and vulnerabilities.
• Risk Assessment and Mitigation
• Identify security risks and implement mitigation strategies to minimize impacts.
• Digital Lifecycle Management
• Coordinate system updates, patches, and upgrades using databases like mySQL and MS SQL.
• Other Capabilities
• Maintain expertise in platforms like J2EE, .NET, and API management for interoperability.
• Align security design and deployment standards with DevSecOps and Agile practices using tools like Jira.

Qualifications & Working Experience

• Bachelor’s or Master’s degree in Computer Science, Information Security, or related field.
• 13 - 15 years of working experience in Information Technology, application security, IT security, or a related field.
• Experience in Aviation Industry will be added advantages.

Areas of Experience

Major Requirements: Active Directory, SDLC, OWASP10. GIT, GCC, Jira, SCA, WebInspect, C#, Jscript, PhP, Xcode15, DevSecOps, Metasploit, Agile & Waterfall methodologies, SCRUM, mySQL & MS SQL.

Personality Traits

• Strong understanding of regulatory requirements and industry standards relevant to data protection and privacy.
• Strong knowledge of secure coding practices, application security measures, and API security.

Seniority level

• Mid-Senior level

Employment type

• Full-time

Job function

• Information Technology

Industries

• Airlines and Aviation

#J-18808-Ljbffr

Base pay range

This range is provided by Randstad Malaysia. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.

Job details

• Job title : Senior Security Architect
• Location : KL
• Salary : RM17,000 - RM21,000
• Benefits :
• Hybrid and flexible working environment
• High performance bonuses
• Medical and hospitalization coverages provided

About the job

• Strategic and highly impactful role for a Security Architect who is a subject matter expert in Cloud services and technologies.
• Act as a proactive advisor and consultant, conducting 'security-by-design' reviews and ensuring that all new initiatives are compliant with regional regulations like PDPA.
• Excellent opportunity for a professional who thrives on solving complex problems, designing robust security frameworks, and collaborating with cross-functional teams to build a strong culture of security.

About the manager/team

• Reporting to a senior leader in the information security function.
• Working closely with various business units and technical teams across different grographies.
• Looking for a good team player who can manage internal and external stakeholders, resolves issues, and align with business objectives.

Seniority level

• Mid-Senior level

Employment type

• Full-time

Job function

• Information Technology
• Industries
• Technology, Information and Internet

Referrals increase your chances of interviewing at Randstad Malaysia by 2x

Get notified about new Senior Security Architect jobs in Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia .

#J-18808-Ljbffr

Join to apply for the Senior Security Architect role at Prudential Services Asia

Prudential’s purpose is to be partners for every life and protectors for every future. Our purpose encourages everything we do by creating a culture in which diversity is celebrated and inclusion assured, for our people, customers, and partners. We provide a platform for our people to do their best work and make an impact to the business, and we support our people’s career ambitions. We pledge to make Prudential a place where you can Connect, Grow, and Succeed.

This position will cover Asia, Africa and United Kingdom regions, working within GISP Enterprise Security Architecture and Innovation to define the security architecture principles, architecture blueprints, explore and adopt emerging security technologies such as Cloud, AI. This role is expected to define security architecture principles and blueprints, as well as evaluate, and develop security controls across security domains to Prudential businesses globally.

Responsibilities

• Design and implement secure architectures and control across networks, applications, cloud environments, and data systems.
• Develop security blueprints, reference architectures, and design patterns aligned with industry standards
• Define and apply security requirements and controls across different security domains, especially Cloud and AI Security during the Application blueprinting and design review.
• Act as the subject matter expert for security architecture and provide technical guidance to project teams, solution architects, developers and business users.
• Research and evaluate security tools, technologies, and frameworks to enhance the organization’s security posture.
• Perform security risk assessment on emerging technologies and provide recommendations.
• Liaise with internal and external auditors and regulators to support Prudential businesses.
• Understand business requirement and security risk to business during the security assessment and consultation.
• Understand the company and business direction from products/solutions/market/technology in the Cloud domain
• Participate in POV/POC of selected security solutions and provide insights on suitability.

Key Requirements

• Bachelor’s degree in Information Security/ Information Technology/ Computer Science or equivalent work experience.
• At least 12 years of experience in large organization with a focus on IT security and adoption of cloud technologies.
• Experience with architecture and security reviews, threat modeling applications and identifying areas of risk.
• Demonstrated experience in applying security and risk frameworks such as: NIST, Mitre ATT&CK, Mitre DEFEND, ISO27K
• Demonstrated experience in applying technical solutions to meet regulatory requirements stipulated by regional authorities (MAS, HKMA, BNM…)
• Ability to articulate cyber risks to senior leadership within the context of corporate strategy and threat environment
• Familiarity with secure development practices (DevSecOps) related toolset and automation CI/CID tools.
• Hands-on experience on conducting evaluation, design, implementation and optimization of a comprehensive and broad set of security technologies and processes. (Application Security, data protection, key management, identity, and access management (IAM), network security and security monitoring).
• Proficient in coding/scripting languages such as Python, Bash or Powershell.
• Possess in-depth technical knowledge in containerization technologies and cloud native applications.
• Pro-active with multitasking capabilities, comfortable to work in both hands-on and leadership role.
• High level of personal integrity, as well as the ability to professionally handle confidential matters.

Desired Professional Certifications

• Cloud native certification such as CKA, CKS
• ISSP, CCSP or equivalent certification preferred.
• OSCP, OSWE, GIAC GWAPT, GPEN certification is highly desirable.

Prudential is an equal opportunity employer. We provide equality of opportunity of benefits for all who apply and who perform work for our organisation irrespective of sex, race, age, ethnic origin, educational, social and cultural background, marital status, pregnancy and maternity, religion or belief, disability or part-time / fixed-term work, or any other status protected by applicable law. We encourage the same standards from our recruitment and third-party suppliers taking into account the context of grade, job and location. We also allow for reasonable adjustments to support people with individual physical or mental health requirements.

Seniority level

• Mid-Senior level

Employment type

• Full-time

Job function

• Information Technology

#J-18808-Ljbffr

Base pay range

This range is provided by Randstad Malaysia. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more. Job details

Job title : Senior Security Architect Location : KL Salary : RM17,000 - RM21,000 Benefits : Hybrid and flexible working environment High performance bonuses Medical and hospitalization coverages provided About the job

Strategic and highly impactful role for a Security Architect who is a subject matter expert in Cloud services and technologies. Act as a proactive advisor and consultant, conducting 'security-by-design' reviews and ensuring that all new initiatives are compliant with regional regulations like PDPA. Excellent opportunity for a professional who thrives on solving complex problems, designing robust security frameworks, and collaborating with cross-functional teams to build a strong culture of security. About the manager/team

Reporting to a senior leader in the information security function. Working closely with various business units and technical teams across different grographies. Looking for a good team player who can manage internal and external stakeholders, resolves issues, and align with business objectives. Seniority level

Mid-Senior level Employment type

Full-time Job function

Information Technology Industries Technology, Information and Internet Referrals increase your chances of interviewing at Randstad Malaysia by 2x Get notified about new Senior Security Architect jobs in

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia .

#J-18808-Ljbffr

Join to apply for the

Senior Security Architect

role at

Prudential Services Asia Prudential’s purpose is to be partners for every life and protectors for every future. Our purpose encourages everything we do by creating a culture in which diversity is celebrated and inclusion assured, for our people, customers, and partners. We provide a platform for our people to do their best work and make an impact to the business, and we support our people’s career ambitions. We pledge to make Prudential a place where you can Connect, Grow, and Succeed. This position will cover Asia, Africa and United Kingdom regions, working within GISP Enterprise Security Architecture and Innovation to define the security architecture principles, architecture blueprints, explore and adopt emerging security technologies such as Cloud, AI. This role is expected to define security architecture principles and blueprints, as well as evaluate, and develop security controls across security domains to Prudential businesses globally. Responsibilities

Design and implement secure architectures and control across networks, applications, cloud environments, and data systems. Develop security blueprints, reference architectures, and design patterns aligned with industry standards Define and apply security requirements and controls across different security domains, especially Cloud and AI Security during the Application blueprinting and design review. Act as the subject matter expert for security architecture and provide technical guidance to project teams, solution architects, developers and business users. Research and evaluate security tools, technologies, and frameworks to enhance the organization’s security posture. Perform security risk assessment on emerging technologies and provide recommendations. Liaise with internal and external auditors and regulators to support Prudential businesses. Understand business requirement and security risk to business during the security assessment and consultation. Understand the company and business direction from products/solutions/market/technology in the Cloud domain Participate in POV/POC of selected security solutions and provide insights on suitability. Key Requirements

Bachelor’s degree in Information Security/ Information Technology/ Computer Science or equivalent work experience. At least 12 years of experience in large organization with a focus on IT security and adoption of cloud technologies. Experience with architecture and security reviews, threat modeling applications and identifying areas of risk. Demonstrated experience in applying security and risk frameworks such as: NIST, Mitre ATT&CK, Mitre DEFEND, ISO27K Demonstrated experience in applying technical solutions to meet regulatory requirements stipulated by regional authorities (MAS, HKMA, BNM…) Ability to articulate cyber risks to senior leadership within the context of corporate strategy and threat environment Familiarity with secure development practices (DevSecOps) related toolset and automation CI/CID tools. Hands-on experience on conducting evaluation, design, implementation and optimization of a comprehensive and broad set of security technologies and processes. (Application Security, data protection, key management, identity, and access management (IAM), network security and security monitoring). Proficient in coding/scripting languages such as Python, Bash or Powershell. Possess in-depth technical knowledge in containerization technologies and cloud native applications. Pro-active with multitasking capabilities, comfortable to work in both hands-on and leadership role. High level of personal integrity, as well as the ability to professionally handle confidential matters. Desired Professional Certifications

Cloud native certification such as CKA, CKS ISSP, CCSP or equivalent certification preferred. OSCP, OSWE, GIAC GWAPT, GPEN certification is highly desirable. Prudential is an equal opportunity employer. We provide equality of opportunity of benefits for all who apply and who perform work for our organisation irrespective of sex, race, age, ethnic origin, educational, social and cultural background, marital status, pregnancy and maternity, religion or belief, disability or part-time / fixed-term work, or any other status protected by applicable law. We encourage the same standards from our recruitment and third-party suppliers taking into account the context of grade, job and location. We also allow for reasonable adjustments to support people with individual physical or mental health requirements. Seniority level

Mid-Senior level Employment type

Full-time Job function

Information Technology

#J-18808-Ljbffr

Join to apply for the

Application Security Architect

role at

Malaysia Airlines . Role Purpose

The role of an Application Security Architect encompasses a wide range of responsibilities centred around ensuring the security and efficient operation of software and web applications from inception to retirement. This role is pivotal in ensuring the MAG's applications are secure, compliant, and running efficiently. It requires staying abreast of the latest security trends and technologies, especially in the rapidly evolving domain of cloud-native applications. Job Title

Application Security Architect Reports To

Head of Cyber Security Key Accountability

General Accountabilities Integrate security tools, standards, and processes into the Product Life Cycle (PLC), ensuring compliance with SDLC and OWASP Top 10. Enhance API security using tools like GIT, SCA, and WebInspect. Improve deployment of application security tools for static analysis and runtime testing. Maintain secure development standards for technologies like C#, JavaScript, and PHP. Support incident response and architecture reviews with application security expertise. Develop metrics and performance analyses using platforms like Jira. Ensure compliance with security standards using Microsoft Security solutions. Integrate DevSecOps into development processes, supporting Agile, Waterfall, and SCRUM methodologies. Application Security Oversight Develop and enforce application security policies and procedures. Conduct security assessments using tools like WebInspect and Metasploit. Code and API Security Management. Secure application code and APIs with reviews, secure coding practices, and tools like WebInspect. Monitor APIs for unauthorized access and ensure compliance with standards. CNAPP Administration Manage Cloud-Native Application Protection Platforms to address security threats and vulnerabilities. Risk Assessment and Mitigation Identify security risks and implement mitigation strategies to minimize impacts. Digital Lifecycle Management Coordinate system updates, patches, and upgrades using databases like mySQL and MS SQL. Other Capabilities Maintain expertise in platforms like J2EE, .NET, and API management for interoperability. Align security design and deployment standards with DevSecOps and Agile practices using tools like Jira. Qualifications & Working Experience

Bachelor’s or Master’s degree in Computer Science, Information Security, or related field. 13 - 15 years of working experience in Information Technology, application security, IT security, or a related field. Experience in Aviation Industry will be added advantages. Areas of Experience

Major Requirements: Active Directory, SDLC, OWASP10. GIT, GCC, Jira, SCA, WebInspect, C#, Jscript, PhP, Xcode15, DevSecOps, Metasploit, Agile & Waterfall methodologies, SCRUM, mySQL & MS SQL. Personality Traits

Strong understanding of regulatory requirements and industry standards relevant to data protection and privacy. Strong knowledge of secure coding practices, application security measures, and API security. Seniority level

Mid-Senior level Employment type

Full-time Job function

Information Technology Industries

Airlines and Aviation

#J-18808-Ljbffr

Job Description

• Directly support the Chief Information Security Officer (CISO).
• Lead and manage GRC personnel as required.
• Develop, review and implement security architectures and frameworks for IT systems, networks, applications and OT.
• Evaluate or prepare security requirements proposed for project or tender submissions.
• Develop security surveillance strategies, frameworks, and procedures.
• Develop security assessment surveys and maturity measurement methods.
• Identify vulnerabilities and perform security risk assessments.
• Define and enforce security policies, procedures, and best practices.
• Define governance and risk management procedures and methodologies.
• Define security roadmaps based on business and enterprise priorities.
• Evaluate and recommend security tools and technologies.
• Coordinate and communicate GRC activities across the Group’s subsidiaries.
• Define and manage data gathering and reporting across the Group’s subsidiaries.
• Develop and maintain system security architecture and design standards / templates.
• Maintain records of system architectural patterns and secure engineering solutions.
• Work with the Security Risk & Compliance Manager to maintain and present a consistently accurate assessment of enterprise risk.
• Work with the Cyber Security Architect to ensure all aspects of Cyber Security Operational capability are developing appropriately and to communicate threat intel across subsidiaries as required.
• Work with the Security Compliance Lead to ensure all aspects of the GRC function are planned, implemented and applied effectively.

Requirements

• In-depth knowledge of Mitre ATT&CK Tactics and Techniques and OWASP Top Ten.
• In-depth work experience in hybrid and cloud architecture / system design and implementation.
• In-depth knowledge of zero trust principles, network security, cloud security, cryptography, and secure software development.
• Practical experience in NIST CSF and CIS Controls assessment and implementation.
• Demonstrable experience delivering detailed system security design and threat modelling.
• Project and/or program management and support experience.
• Excellent documentation and writing skills.
• Excellent communications skills.
• At least 5 years' work experience as a System Security Architect.
• Previous work experience in IT architecture and infrastructure.
• BSc in Computer Science, Computer Engineering or equivalent.

Seniority level

• Mid-Senior level

Employment type

• Full-time

Job function

• Information Technology

#J-18808-Ljbffr

Join us in this role where you’ll play a key role in improving the security posture of Ørsted’s modern cloud data platform on Azure and AWS by supporting development teams, application architects, and leadership in making the right choices and prioritizations regarding security.

Welcome to the Ørsted Data Ecosystem
You’ll be part of cloud data platform security where you, together with your colleagues, will enables all of Ørsted to easily, securely, and reliably generate value from data. Our Ørsted Data Ecosystem is a cloud-based data platform facilitating the collection, processing, and consumption of data from all Ørsted’s business units and making it available to analysts, data scientists, and machine learning models.

As a team, we collaborate closely with leadership, application architects, and developers to continuously improve the security and compliance of the data platform.

You’ll play an important role in:

• Shaping the way we securely extract, store, and process data from critical energy infrastructure.

• Crafting a secure and compliant cloud data platform spanning Azure and AWS that meets organizational and regulatory standards and policies.

• Translating regulatory and centrally defined security requirements into a form that is understandable and actionable for our teams.

• Evangelizing security best practices, guidelines, and blueprints to the teams developing and using the Ørsted Data Ecosystem platform.

• Improving the regulatory compliance (e.g. NIS2) of the data platform.

To succeed in the role, you:

• Extensive experience in cloud architecture and data architecture (e.g., data lake, cloud data warehouse, Kubernetes, Kafka, cloud networks)

• Strong grasp of fundamental architectural principles, security control standards, and how to apply these in documented designs and security measures
• Solid experience in applying processes, risk assessment, governance, according to security information frameworks such like NIST 800-53 and government regulations (e.g. NIS2)
• Experience in securing deployments in the cloud (ideally both on Azure and AWS)
• Good inter-personal and communication skills that allow you to work with teams to improve their security posture while they work towards their goals.
• An eye for the right level of security (factoring in cost, value, and risk), so you never let perfect be the enemy of good.

Maybe you’ve read the above and can see you have some transferable skills, even though they don’t quite match all the points. If you think you can bring something to the team, we still encourage you to apply.

Shape the future with us
Send your application to us as soon as possible. We’ll be conducting interviews on a continuous basis and reserve the right to take down the advert when we’ve found the right candidate.

As an applicant or employee, you may request reasonable work and position accommodation or adjustments via

Please note that for your application to be taken into consideration, you must submit your application via our online career pages and answer the screening questions relevant for your country. We don't take applications or inquiries from external recruiters or agencies into account for this position.

#J-18808-Ljbffr