เงื่อนไขการค้นหา

ประสบการณ์:

2 ปีขึ้นไป

ทักษะ:

Network Infrastructure, Security Design, Big Data, English

ประเภทงาน:

งานประจำ

• Perform cyber security and IT security assessments for clients (e.g. cyber security program assessment, cyber security risk assessments, IT network infrastructure reviews, system technical configurations review, information security policies and processes/procedures review etc.).
• Work on IT security design, analysis and implementation of security protection solution.
• Evaluate and analyze threat, vulnerability, system weakness, impact and risk to secu ...
• Advise clients on the security issues, including explanation on the technical details and how they can remediate the vulnerabilities in the processes, controls and systems.
• Advise client on the security incident response end-to-end process (i.e. preparation, detection, analysis, response and recovery of the security incident).
• Skills and attributes for success.
• To qualify for the role you must have.
• Bachelor's degree or Master s degree in Computer Engineering, Computer Science, Information Systems, IT Security, ICT or other related fields.
• Minimum 2 years' experience in such areas as IT security management design and implementation, IT security assessment and IT technical background.
• Familiar with leading IT security processes and tools.
• Highly proficient in both English and Thai with good written and oral communication and analytical skills.
• Ideally, you ll also have.
• Having experience in project planning and management will be a plus.
• Professional certifications such as Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), and / or Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or ISO27001 will be highly considered.
• Experience in new generation security practices (i.e. DevSecOps, iPentest, RedTeaming, System Resilience Design).
• Experience in Emerging Technologies (i.e. Cloud Computering, Blockchain, Big Data, A.I./M.L.).
• We re interested in intellectually curious people with a genuine passion for cyber security. With your specialization in attack and penetration testing, we ll turn to you to speak up with innovative new ideas that could make a lasting difference not only to us - but also to the industry as a whole. If you have the confidence in both your presentation and technical abilities to grow into a leading expert here, this is the role for you.
• What we offer.
• We offer a competitive remuneration package. Our comprehensive Total Rewards package includes support for flexible working and career development, covering holidays, health and well-being, insurance, savings and a wide range of discounts, offers and promotions.
• Continuous learning: You ll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We ll provide the tools and flexibility, so you can make a meaningful impact, your way.
• Transformative leadership: We ll give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: You ll be embraced for who you are and empowered to use your voice to help others find theirs.
• If you can demonstrate that you meet the criteria above, please contact us as soon as possible.
• The exceptional EY experience. It s yours to build.
• EY | Shape The Future with Confidence.
• EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
• Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
• Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

ทักษะ:

Legal, Risk Management, Compliance

ประเภทงาน:

งานประจำ

• Establish and maintain appropriate security measures for personal data protection to prevent unauthorized access, loss, alteration, or disclosure.
• Regularly review and update security measures to align with technological advancements and PDPA requirements.
• Ensure third-party vendors handling personal data comply with data protection regulations.
• Implement and oversee data retention and deletion processes per legal requirements.
• Develop a risk management system for PDPA compliance.
• Assess risks related to personal data processing, evaluate mitigation strategies, and audit IT systems for security compliance.
• Conduct periodic assessments of IT systems handling personal data.
• Evaluate the effectiveness of data protection measures in databases, applications, and information security frameworks.
• Bachelor s degree in Computer Science, IT Security, Management Information Systems, or a related field.
• At Least 3 years of experience in Database Management, IT Security, or Data Privacy Compliance.
• Proficiency in database management (SQL Server, MySQL).
• Understanding of IT security, data governance or compliance frameworks.
• Location: BTS Ekkamai
• Working Day: Mon-Fri.

ทักษะ:

Finance, Risk Management, DevOps

ประเภทงาน:

งานประจำ

• Manage day-to-day activities of a team of Security Architect Engineers.
• Design and implementation of advanced security architectures for applications, networks, and systems.
• Conducted comprehensive risk assessments and developed mitigation strategies.
• Design and implement security monitoring and incident response solutions.
• Stay abreast of emerging threats and vulnerabilities in the finance and crypto industry.
• Collaborate with cross-functional teams to ensure secure development practices.
• Mentor and guide junior security engineers.
• Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent professional experience.
• At least 2 years of experience in a security engineering role.
• Solid knowledge of security principles, cryptography, secure coding, threat modeling, and risk management.
• Familiarity with cloud security practices and secure DevOps methodologies.
• Demonstrates strong problem-solving, analytical, and critical thinking skills.
• Effective communication prioritization and collaboration abilities; work well in cross-functional teams.
• Remark: Given the nature of the mentioned position, where employees are involved with customer data and asset values, and/or the company, to comply with legal and regulatory standards established by the Securities and Exchange Commission, as well as to align with laws and overseeing agencies, the company requires a criminal background check as part of the post-interview process before joining the company. Your criminal history information will be retained for a period of 6 months from the start date.
• Important: Candidate Privacy Policy.
• สำคัญ:โปรดอ่านและทำความเข้าใจ: นโยบายความเป็นส่วนตัวด้านทรัพยากรบุคคล สำหรับผู้สมัครงาน และผู้สมัครเข้าฝึกงาน*.
• Don't forget to 'Like' and 'Follow' our social media channels so you won't miss any news from us. Click.

ทักษะ:

Compliance, Risk Management, ISO 27001

ประเภทงาน:

งานประจำ

• Develop and implement security governance frameworks, policies, and standards.
• Conduct audits and risk assessments to ensure compliance with governance requirements.
• Monitor and report on security governance metrics and KPIs.
• Provide guidance on security governance best practices to internal stakeholders.
• Coordinate with external auditors and regulatory bodies as needed.
• Develop and deliver security governance training programs.
• Investigate and resolve governance-related issues and incidents.
• Assess and recommend security governance tools and technologies.
• Bachelor s degree in Information Technology, Cybersecurity, or a related field.
• Experience: 2-4 years in security governance, risk management, or compliance roles.
• Experience in developing and maintaining security policies and procedures.
• Ability to identify, report, and mitigate security risks.
• Familiarity with ISO 27001, ISO 27701, and SOC 2 frameworks.
• Experience in conducting governance awareness sessions.
• Strong communication, prioritization, and interpersonal abilities.
• Remark: Given the nature of the mentioned position, where employees are involved with customer data and asset values, and/or the company, to comply with legal and regulatory standards established by the Securities and Exchange Commission, as well as to align with laws and overseeing agencies, the company requires a criminal background check as part of the post-interview process before joining the company. Your criminal history information will be retained for a period of 6 months from the start date.
• Important: Candidate Privacy Policy.
• สำคัญ:โปรดอ่านและทำความเข้าใจ: นโยบายความเป็นส่วนตัวด้านทรัพยากรบุคคล สำหรับผู้สมัครงาน และผู้สมัครเข้าฝึกงาน*.

ประเภทงาน:

งานประจำ

• Designing, implementing, and maintaining identity and access management (IAM) infrastructure, ensuring the security and integrity of systems and data. Work closely with other IT teams, security teams, and business stakeholders to ensure IAM solutions meet organizational needs. Ensure that IAM solutions comply with company s policy, relevant regulations and industry standards..
• Role & Responsibility.
• Design, implement, and maintain IAM solutions, including directory services, single ...
• Develop and enforce IAM policies, standards, and procedures to ensure compliance with industry best practices and regulatory requirements.
• Automate IAM processes using scripting and programming languages (e.g., PowerShell, Python).
• Integrate IAM systems with various applications and platforms, both on-premises and in the cloud.
• Troubleshoot IAM-related issues, providing support to end-users and other IT teams.
• Monitor IAM systems for performance, availability, and security issues, proactively identifying and resolving problems.
• Participate in security audits and compliance assessments, providing information and evidence related to IAM controls.
• Research and evaluate new IAM technologies and trends, recommending and implementing improvements to our IAM infrastructure.
• Collaborate with other IT teams, security teams, and business stakeholders to ensure IAM solutions meet organizational needs..
• Bachelor's degree in Computer Science, Information Security, or a related field.
• 3 to 5+ years of experience in IAM related, with a proven track record of designing, implementing, and managing complex IAM solutions.
• Deep understanding of IAM concepts, including authentication, authorization, access control, identity lifecycle management, and privileged access management.
• Strong experience with directory services (e.g., Active Directory, Azure EntraID, LDAP), SSO, MFA, PAM, and identity governance tools.
• Experience with cloud platforms (AWS, Azure, or GCP) and cloud IAM solutions.
• Knowledge of security protocols (e.g., SAML, OAuth, OpenID Connect).
• Proficiency in scripting and programming languages (e.g., PowerShell, Python).
• Excellent troubleshooting and problem-solving skills.
• Strong communication and collaboration skills.
• An ability to work under pressure.
• Good command of English.
• Relevant certifications (e.g., CISSP, CISM, CompTIA Security+) and such certifications related will be advantage.

ทักษะ:

Compliance, Risk Management

ประเภทงาน:

งานประจำ

• Governance & Compliance - Lead audit processes, including interviews, assessments, compliance validation, and implementation support to ensure security standards are met..
• Process Improvement - Continuously enhance audit procedures, policy frameworks, and access management to improve efficiency and alignment with security principles..
• Operations & Monitoring - Validate internal security requests, oversee monitoring systems, and take necessary actions to maintain compliance..
• Security Initiatives & Risk Management - Manage security projects related to LSS accounts, multi-factor authentication (MFA), access cleanup, and sensitive permissions oversight..
• Audit Support & Compliance Reporting - Provide timely and accurate responses to external auditor queries, ensuring proper evidence and documentation..
• Ad Hoc & High-Priority Projects - Own and drive urgent security-related projects that arise unexpectedly or require fast turnaround..
• Identity & Access Management (IAM) - Design and manage Mover and Leaver processes, including recertification campaigns to maintain identity security..
• ACO Compliance Oversight - Ensure accounts for Amadeus Commercial Organization (ACO) staff adhere to security principles and PCI standards..
• Policy & Process Optimization - Identify and propose enhancements to audit frameworks, approval management processes, and compliance mechanisms..
• About the Ideal Candidate.
• Proven experience in LSS, Identity and Access Management (IAM), and Cybersecurity principles..
• Ability to assess security risks, analyze fraud cases, and recommend corrective actions.
• Experience managing multiple security projects and collaborating with teams in a dynamic environment.
• Understanding of regulatory compliance and security standards, including PCI-DSS, SOC1, GDPR, and Amadeus Corporate Standards, is essential for ensuring alignment with global security frameworks and best practices..
• Effective communication skills for facilitating discussions, composing global security updates, and explaining complex concepts clearly.
• What we can offer you ?.
• A critical mission and purpose - At Amadeus, you will be powering the future of travel and pursuing a critical mission and extraordinary purpose.
• A truly global DNA - Everything at Amadeus is global, from our people to our business, which translates into our footprint, processes, and culture.
• Great opportunities to learn - Learning happens all the time and in many ways at Amadeus, through on-the-job training, formal learning activities, and day-to-day interactions with colleagues.
• A caring environment - Amadeus fosters a caring environment, nurturing both a fulfilling career and personal and family life. We care about our employees and strive to provide a supportive work environment.
• A complete rewards offer - Amadeus provides attractive remuneration packages, covering all essential components of a competitive reward offer, including salary, bonus, equity, and benefits.
• A flexible working model - We want our employees to do their best work, wherever and however it works best for them.
• A diverse and inclusive community - We are committed to leveraging our uniquely diverse population to drive innovation, creativity, and collaboration across our organization.
• A Reliable Company - Trust and reliability are fundamental values that drive our actions and shape long-lasting relationships with our customers, partners, and employees.
• Diversity & Inclusion.
• Amadeus aspires to be a leader in Diversity, Equity and Inclusion in the tech industry, enabling every employee to reach their full potential by fostering a culture of belonging and fair treatment, attracting the best talent from all backgrounds, and as a role model for an inclusive employee experience.
• Amadeus is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to gender, race, ethnicity, sexual orientation, age, beliefs, disability or any other characteristics protected by law.

ทักษะ:

Compliance, Risk Management, ISO 27001, English

ประเภทงาน:

งานประจำ

• To be a leader in designing and managing an organization s IT internal control environments to ensure the company complies with applicable law and regulations.
• To monitor the state of IT compliance with regulatory requirements and internal policies that affect the Information Technology Risk management and compliance, and develop a compliance program to address potential gaps.
• To serve as liaison to internal auditors, external auditors, Bank of Thailand auditors and other regulators' mandates (i.e., PCI, SEC, ISO27001, etc.) regarding documen ...
• To partner with IT Management to develop and implement appropriate controls to ensure that IT compliance is being effectively maintained.
• To oversee generally in issue summary review, the process of issue tracking and closure, and closing meetings in order to maintain a full understanding of emerging IT issues.
• To facilitate reporting of IT compliance status for IT Management.
• To provide advisory and consultation to IT users on IT regulation and compliance requirements.
• To oversee and steer the IT General Control (ITGC) program regarding SOX Compliance.
• To establish and enforce standardized and repeatable enterprise Data Leakage Prevention (DLP) governance and framework including DLP incident response processes.
• To maintain Data Leakage Prevention (DLP) system.
• To provide the direction and advisory on Information system control monitoring (i.e., monitoring the log over critical operating systems, applications, and databases, reviewing the access control log over restricted IT physical areas, etc.).
• To ensure security controls over critical high privilege management are adequate and functioning as intended within the operating systems, applications, and databases.
• Be responsible for Liaise with IT Risk owners to develop risk-based assessments, and establish risk response programs and reporting processes according to Bank s Risk Management Policy and Framework.
• Bachelors or Master of Information Technology, Computer Engineering or related fields.
• At least 10 years of experience in Information Technology in Banking /Financial industries.
• Experience in relevant local and international security standards and best practices such as ISO 27001, NIST, COBIT, COSO, PCI DSS, ISO 27001/2, ITIL, and SOX Compliance.
• Experience in IT Governance, Risk management, and Compliance (IT GRC), Project Management, Lead Auditor/Lead Implementer, or similar is preferred.
• Strong knowledge of Local Regulatory (TH).
• Relevant local and international security standards and best practices such as ISO 27001, NIST, COBIT, COSO, PCI DSS, ISO 27001/2, ITIL, SOX Compliance, etc.
• Professional Information Security certifications such as CISSP, CISA, CISM, CRISC, ISO 27001.
• CMMI/SDLC.
• Good written and verbal communication, presentation of both Thai and English skills.
• Strong Leadership, influencing, motivating, and negotiating skills.
• Good judgment within broadly defined practices in obtaining desired results, analytical and problem-solving skills.
• Demonstrated ability to prioritize and manage multiple tasks simultaneously.
• Familiar with Microsoft Office products.
• Good English Skill.
• Only shortlisted candidates will be contacted.
• FB: Krungsri Career(http://bit.ly/FacebookKrungsriCareer).
• LINE: Krungsri Career (http://bit.ly/LineKrungsriCareer).
• Talent Acquisition Department
• Bank of Ayudhya Public Company Limited
• 1222 Rama III Rd., Bangpongpang, Yannawa, Bangkok 10120
• Contact: Talent Acquisition Center:.
• Applicants can read the Personal Data Protection Announcement of the Bank's Human Resources Function by typing the link from the image that stated below.
• EN: (https://krungsri.com/b/privacynoticeen).
• ผู้สมัครสามารถอ่านประกาศการคุ้มครองข้อมูลส่วนบุคคลส่วนงานทรัพยากรบุคคลของธนาคารได้โดยการพิมพ์ลิงค์จากรูปภาพที่ปรากฎด้านล่าง.
• ภาษาไทย: (https://krungsri.com/b/privacynoticeth).
• หมายเหตุ ธนาคารมีความจำเป็นและจะมีขั้นตอนการตรวจสอบข้อมูลส่วนบุคคลเกี่ยวกับประวัติอาชญากรรมของผู้สมัคร ก่อนที่ผู้สมัครจะได้รับการพิจารณาเข้าร่วมงานกับธนาคารกรุงศรีฯ.
• Remark: The bank needs to and will have a process for verifying personal information related to the criminal history of applicants before they are considered for employment with the bank..

ประสบการณ์:

1 ปีขึ้นไป

ทักษะ:

DevOps, Automation, Electrical Engineering

ประเภทงาน:

งานประจำ

• Equipped with security knowledge and done related projects in technical IT domains such as operating systems, networks, databases, cloud or solution development etc.
• Possess knowledge in assessing solution architectures at the planning and design level for security issues and vulnerabilities.
• Experience in practical security vulnerability remediation.
• Information Security domains - in particular one or more of the following: Cyber Program Management, Cyber Threat Management, Identity & Access Management, Data Protection, Privacy, Organisational Resilience. This experience should include both advisory, implementation and operation experience.
• Strong technical security skills in assessment, design, implementation, architecture, and program / project delivery and work across various delivery models, (Waterfall, Agile, DevOps).
• Implementation skill set for identity and access management platforms, security information and event management platforms, security automation and orchestration platforms, advance threat detection systems, endpoint protection systems, data leak prevention systems or network security devices.
• To qualify for the role you must have.
• A recognized university degree in Computer Science, Computer/Electrical Engineering, Information Technology or equivalent.
• Experience with a leading Security technology like Microsoft Security, Crowdstrike, Splunk and others would be a strong advantage.
• Creative, independent with good problem solving skills.
• Excellent communicator with strong analytical, interpersonal and writing skills.
• Candidates with minimum 10-15 years of relevant experience, including managing a team, will be considered for a Leadership role.
• Ideally, you ll also have.
• Industry related certification preferred (e.g. CISSP, CISA, CISM, SABSA, PRINCE2, TOGAF, ITIL).
• Solution Level Certifications, OSCP, CREST, GIAC would be advantageous, as well as penetration testing experience.
• Highly motivated individuals with excellent problem-solving skills and the ability to prioritize shifting workloads in a rapidly changing industry. An effective communicator, you ll be a confident team player that collaborates with people from various teams while looking to develop your career in a dynamic organization.
• What we offer.
• Continuous learning: You ll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We ll provide the tools and flexibility, so you can make a meaningful impact, your way.
• Diverse and inclusive culture: You ll be embraced for who you are and empowered to use your voice to help others find theirs.
• If you can demonstrate that you meet the criteria above, please contact us as soon as possible.
• The exceptional EY experience. It s yours to build.
• EY | Building a better working world.
• EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
• Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

ทักษะ:

ISO 27001, Compliance, Assurance, English

ประเภทงาน:

งานประจำ

• Develop and support internal audit strategies within the cybersecurity domain, which involves protecting computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks.
• Implement work standards to achieve desired outcomes and report findings to top management as a Cyber Security Auditor.
• Identify potential cybersecurity risks and persuade organizational stakeholders to adopt comprehensive, actionable recommendations.
• Act as a liaison with internal auditors, external auditors, Bank of Thailand auditors, Electronic Transactions Development Agency auditors, and other regulatory bodies (e.g., ISO 27001, PCI DSS, etc.) to ensure documentation and information compliance.
• Provide assurance and advisory services to ensure that IT Management plans, organizes, and directs appropriate IT governance, risk management, and control processes.
• Liaise with IT risk owners to develop risk-based assessments and establish risk response programs and reporting processes according to the Risk Management Policy and Framework.
• Bachelor's or master s degree in Computer Engineering, Computer Science, Information Technology, or related fields..
• Experience in relevant local and international security standards and best practices such as ISO 27001, NIST, COBIT, COSO, PCI DSS, and ITIL.
• Experience in IT Governance, Risk Management, and Control Processes (IT GRC), Project Management, Lead Auditor/Lead Implementer, or similar roles is preferred.
• Professional certifications such as CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), and CRISC (Certified in Risk and Information Systems Control) are advantageous.
• Technical expertise in cybersecurity auditing.
• Proficiency in English.
• At least 3 years of experience in information security management, information risk management, IT audit management, ICT security, cloud security, or related fields.

ประสบการณ์:

10 ปีขึ้นไป

ทักษะ:

EHS Management, English

ประเภทงาน:

งานประจำ

• Investigate for root cause analysis and analytical skills (predictive for preventive would be adventage). ทักษะด้านการสอบสวนเพื่อหาต้นตอของปัญหา เพื่อแก้ไขปัญหา และมีทักษะในการคิดวิเคราะห์ หากสามารถคาดการณ์โดยใช้หลักการทางสถิติได้ จะพิจารณาเป็นพิเศษ.
• Risk assessment and environment aspect ทักษะ ด้านการประเมินความเสี่ยงในงาน Safety และ Envoronment.
• Knowledge in Safety and environmental law. มีความรู้ความเข้าในกฎหมายที่เกี่ยวกับงาน Safety และ สิ่งแวดล้อม.
• Knowledge in ISO 45001, ISO 14001 มีความรู้/ ประสบการณ์ในระบบ ISO 45001, ISO 14001.
• Negotiate, Mediate skill มีทักษะในการเจรจาต่อรองไกล่เกลี่ย.
• working with pressure condition สามารถทางานภายใต้ความกดดันได้ดี.
• Provide solution for solve the problem,preventive would be adventage. สามารถนาเสนอแนวทางในการแก้ไขปัญาได้ ถ้าสามารถเสนอแนวทางป้องกันได้ด้วย จะได้รับการพิจารณาเป็นพิเศษ.
• Planing skill มีทักษะในการวางแผน.
• Coordinate skill มีทักษะในการประสานงาน.
• Follow up skill มีทักษะในการติดตามงานให้เป็นไปตามแผน.
• Male / Female.
• Age 38 - 45.
• At lease bachelor degree in safety health,environment or relate Experience.
• At lease 5 years in safety health and evironment in manufacturing (heavy industry is adventage ==> Cement,Steel,Sugar,Mining).

ทักษะ:

Negotiation

ประเภทงาน:

งานประจำ

• Bachelor degree or higher in Computer Science or related filed.
• There are 5-8 years, Experience in Network skills.
• Able to do network design, evaluation, POC, implementation.
• Self-Motivation and Hard Working.
• Able to work some time on night and weekend by job duties.
• Able to troubleshooting related to network problem & connecting equipment.
• Willing to self-study for network knowledge and learn new knowledge from team.
• Good communication,interpersonal, problem-solving, presentation, and negotiation skill.

ทักษะ:

Risk Management, Software Development, Kubernetes

ประเภทงาน:

งานประจำ

• Design, develop, and maintain security systems, tools, and best practices across the stack (frontend, backend, mobile, and infrastructure).
• Identify, assess, and mitigate security vulnerabilities through proactive risk management and threat modeling.
• Collaborate with product managers and developers to embed security into the software development lifecycle (SDLC).
• Develop and enforce policies for secure coding, data protection, and incident response.
• Implement robust authentication and authorization mechanisms.
• Conduct regular security assessments, including penetration testing and code reviews.
• Monitor, detect, and respond to security incidents using advanced tools and methodologies.
• Enhance infrastructure security using Kubernetes, Docker, and cloud platforms (GCP, AWS).
• Stay current on emerging threats, vulnerabilities, and security trends, and recommend actionable insights to improve defenses.
• Champion security awareness across the organization, including training sessions and knowledge-sharing activities.
• Ensure compliance with relevant security standards and regulations such as ISO 27001, PDPA, GDPR, SOC 2, or PCI DSS.
• Basic QualificationsProven expertise in application security, cloud security, and infrastructure security.
• Proficiency in securing systems built with technologies such as Node.js, Golang, Elixir, Python, React, Svelte, or Flutter.
• Experience with tools like Docker, Kubernetes, and cloud services (GCP, AWS).
• Strong understanding of cryptographic principles and secure communication protocols.
• Familiarity with CI/CD pipelines and secure DevOps practices.
• Hands-on experience with security tools for vulnerability scanning, penetration testing, and threat detection.
• Deep understanding of database security, especially with PostgreSQL or other relational or non-relational databases.
• Strong analytical and problem-solving skills with a security-first mindset.
• Excellent communication skills and the ability to collaborate effectively in Agile teams.
• Self-motivation, adaptability, and a strong work ethic.
• Preferred Qualifications We re especially excited if you bring:Experience leading security initiatives or mentoring other engineers in security best practices.
• Expertise in compliance frameworks such as ISO 27001, PDPA, GDPR, SOC 2, or PCI DSS.
• Advanced knowledge of security monitoring and incident response systems.
• Strong system design skills with a focus on secure architectures and long-term trade-offs.
• A proven track record of securing fast-paced, high-growth tech environments.
• A passion for securing user-centric products and contributing to their success.
• Perks & Benefits Flat Structure As we continue to grow fast, we strive to retain our culture where everyone is heard, contributes, and grows with the company..
• Work-life Harmony We believe that quality time outside of work is important to sustaining a healthy and happy lifestyle.
• Remote Work Hybrid-mode activated! It comes with the package: flexibility, focus and productivity!.
• Urban Office One breath from Phrom Phong BTS. No sweat whatsoever! The office should also feel like a second home so we dedicated a lot of care and resources into building the best environment for you to wake up to every morning.
• Fun Workshop The best relationships are built over new experiences, that s why we have workshops filled with a range of activities for you to look forward to and enjoy.
• Game Tournament It s getting fun and competitive! Challenge doesn t only have to come from work. Own the championship and show the peeps how great of a gamer (and player) you are.
• Group Insurance Health comes first, we know, don t worry, we ve got you covered.
• Health & Wellness Only a healthy army wins the war. We invest to take care of you from physical, mental and happiness-level. Adopted health & wellness applications plus activities to make sure everyone here is on cloud nine

ประสบการณ์:

5 ปีขึ้นไป

ทักษะ:

DevOps, Automation, Compliance

ประเภทงาน:

งานประจำ

• Fulfill tasks of cybersecurity vulnerability management program, i.e. cyberthreat intelligence analysis, cybersecurity assessment, vulnerability profiling, vulnerability compensation and vulnerability remediation tracking.
• A dedicated DevSecOps or security engineering team is responsible for embedding security practices into the DevOps pipeline. They build and maintain the security tools and automation required for integrating security checks into the development process.
• Implement security tools in CI/CD pipelines (e.g., code scanning, vulnerability assessments).
• Automate security testing, monitoring, and compliance checks.
• Collaborate with development and operations teams to ensure security is applied at every stage.
• Designing, supervising, and validating holistic Banking application/infrastructure security architecture, to ensure that they are aligned with cybersecurity strategy, security requirement principle and generally cybersecurity best practices (through threat modelling or similar methods).
• Designing and Implementing CI/CD (DevSecOps) Technology integration through own teams and virtual team (with the members of Digital Technology Security team) to always tighten security architecture fabrics, and to support cybersecurity transformation, lean and automation process.
• Qualifications Bachelor s or Master degree in computer science, Computer Engineering, Information Technology, or related field.
• At least 5 years of experience in security advisory, security architecture, CI/CD security, Vulnerability Assessment, Penetration test or a related field.
• Good communication skills, with the ability to communicate complex security issues.
• Strong Knowledge in new Banking Technology and associated security controls.
• Knowledge of security best practices in software development.
• Knowledge of SDLC framework.
• Familiarity with CI/CD tools & DevOps tools.
• Experience with Code/Library/Image scanning tools (Dynamic/Static Code Scan).
• Expertise in cloud security (AWS, Azure, GCP, HWC).
• Experience with cloud security and compliance tools (CSPM).
• Knowledge of Securing Cloud Environments to ensure that security practices are tailored for cloud-native and hybrid environments, including container security, infrastructure as code, and microservices security.
• We're committed to bringing passion and customer focus to the business. If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us.

ทักษะ:

Sharepoint, English

ประเภทงาน:

งานประจำ

• Could have experience to develop information in Microsoft SharePoint 3-5 Years.
• Could have experience quality-control would be more assist.
• Have experience in Thai Oil Service would be more assist.
• EDUCATION.
• Bachelor Degree in Computer Science, Computer Engineering, Information Technology or any equivalent fields of study.
• OTHER REQUIREMENTS.
• Good command of English and computer literacy.
• Work @ Sriracha, Chonburi.
• ROLE & RESPONSIBILITY.
• Be able to communicate and manage Safety and Security information by Standard Program of Thai Oil as well. Thus could be reference and apply to all staff implement.
• สามารถสื่อสารสื่อความและควบคุมจัดการงานข้อมูลเรื่องความมั่นคงปลอดภัยผ่านมาตรฐานโปรแกรมที่มีใช้ในองค์กรได้เป็นอย่างดีเพื่อให้ทุกคนในองค์กรสามารถอ้างอิงและนำไปใช้ได้อย่างถูกต้อง.
• Be able to collect, store, create and update documents of the organization's internal and external security management system standards correctly and able to evaluate according to the standards set
• สามารถรวบรวมจัดเก็บ สร้างและอัพเดทเอกสารของมาตรฐานระบบการจัดการความมั่นคงและปลอดภัยขององค์กรทั้งภายในและภายนอกได้อย่างถูกต้อง และสามารถประเมินผลได้ตามมาตรฐานที่ได้กำหนดไว้.
• Be able to practice Security skill to supervise the team contractor working correctly and effectiveness
• สามารถฝึกฝนเพื่อให้สามารถปฏิบัติการบังคับบัญชาหรือแนะนำงานในด้านความมั่นคงให้กับทีมงานผู้รับเหมาที่ปฏิบัติงานภายใต้บังคับบัญชาปฏิบัติงานได้อย่างถูกต้องและมีประสิทธิภาพได้ในอนาคต.

ทักษะ:

Research, System Administration, Android

ประเภทงาน:

งานประจำ

• Implements IT security improvements by assessing current situation; evaluating trends; anticipating requirements.
• Protects IT system by defining access privileges, control structures, and required resources.
• Process & analyze to gain insights on past IT areas on, current or potential attacks and threats that pose a risk to the organization.
• Primary point of contact with Internal Audit. Periodically review, update, implement and communicate changes to IT policies and procedures and General IT Controls. Facilitate internal and external audit processes by participating in scoping discussions and walk-throughs, delivering evidence that controls are operating as defined, remediating deficiencies, and acting on recommendations.
• Safeguards IT infrastructure and system as well as information system assets by identifying and solving potential and actual security problems.
• Research cyber security topics and promote Cyber security awareness throughout Thaioil.
• EDUCATION.
• Bachelor s degree in computer science, Information Systems, or equivalent education or work experience.
• EXPERIENCE.
• Relevant experience, especially in IT working environment.
• Understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth, and common security elements.
• Hands-on experience analyzing high volumes of logs, network data (e.g., Netflow, FPC), and other attack artifacts in support of incident investigations.
• Experience with vulnerability scanning solutions.
• Familiarity with Vulnerability Management program.
• Proficiency with any of the following: Anti-Virus, HIPS, ID/PS, Full Packet Capture, Host-Based Forensics, Network Forensics, and RSA Security.
• Have knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform.
• Understanding of mobile technology and OS (i.e., Android, iOS, Windows), VMware technology, and Unix and basic Unix commands.
• OTHER REQUIREMENTS.

ประสบการณ์:

5 ปีขึ้นไป

ทักษะ:

Research, ISO 27001, Enthusiastic, English

ประเภทงาน:

งานประจำ

• Collect and analyze threat intelligence reports covering new threats, vulnerabilities, products.
• Conduct technical and operational threat intelligence research, both independently and as part of a wider team.
• Identify emerging threats, techniques and trends, the means of protecting or defending against them, and articulate these in a range of report formats to relevant stakeholders.
• Conduct deep-level analysis of malware, including how it is developed, functions, and employed.
• Support the Consulting and Managed CTI teams, Vulnerability Management, Incident Response and CSOC team with up-to-date technical intelligence, detection logic and situational awareness on current and emerging threats.
• Support Cybersecurity Posture Management to guarantee that a good cybersecurity posture is consistently maintained at an acceptable level. Liaison with external audit, internal audit, financial crime and associated consultants, and the group firm.
• Assist technology security team leaders/others in responding to cybersecurity incidents that have an impact on cybersecurity posture, in order to guarantee quick reaction, tracking, and proper maintenance.
• Assist in R&D and innovation on cybersecurity technology and approaches for continuous cybersecurity uplift.
• Qualifications Bachelor s or Master degree in computer science, Computer Engineering, Information Technology, or related field.
• At least 5 years of experience in Information Security or a related field.
• Knowledge of security technology e.g. WAF, SIEM, EDR, IAM, CSOC and Vulnerability Management.
• Experience in cloud cybersecurity technologies and services.
• Exposure to malware reverse engineering, network intrusion analysis, host intrusion analysis, log analysis, vulnerability research or digital forensics is preferred.
• Strong understanding of industry best practices and standards, including ISO 27001, NIST, and CIS is preferred.
• Relevant certifications such as CISSP, CISM, or CISA are a plus.
• Excellent communication and problem-analytical skills, with the ability to communicate complex security issues to non-technical stakeholders.
• Effective English for verbal, written communication.
• Enthusiastic, thriving, good interpersonal skills.
• We're committed to bringing passion and customer focus to the business. If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us.

ประสบการณ์:

1 ปีขึ้นไป

ทักษะ:

Risk Management, Compliance

ประเภทงาน:

งานประจำ

• Invite and provide evidence-based feedback in a timely and constructive manner.
• Share and collaborate effectively with others.
• Work with existing processes/systems whilst making constructive suggestions for improvements.
• Validate data and analysis for accuracy and relevance.
• Follow risk management and compliance procedures.
• Keep up-to-date with technical developments for business area.
• Communicate confidently in a clear, concise and articulate manner - verbally and in written form.
• Seek opportunities to learn about other cultures and other parts of the business across the Network of PwC firms.
• Uphold the firm's code of ethics and business conduct.
• referred skills.
• Cyber Security and Data Privacy.
• Minimum years experience required.
• 1-3 years of Experiences.
• Additional application instructions.
• N/A.
• Education (if blank, degree and/or field of study not specified).
• Degrees/Field of Study required: Degrees/Field of Study preferred:Certifications (if blank, certifications not specified).
• Required Skills.
• Optional Skills.
• Desired Languages (If blank, desired languages not specified).
• Travel Requirements.
• Not Specified
• Available for Work Visa Sponsorship?.
• Yes
• Government Clearance Required?.
• No
• Job Posting End Date.

ประสบการณ์:

3 ปีขึ้นไป

ทักษะ:

Compliance, Legal, Risk Management

ประเภทงาน:

งานประจำ

• Develop data security policy review, data security policy exceptions, and control risk mitigation processes.
• Define the security controls for access management lifecycle (i.e., requirement for creation, deletion, transfer and review).
• Operate:Advice on technology relating to Data Privacy and Protection (i.e., PDPA) related security controls implementation.
• Drive and support data security controls such as Data Loss Prevention (DLP), Data Masking, Data Encryption capabilities to protect sensitive data.
• Drive compliance (or collaborate with compliance team) to organization security policies, standards, metrics, and legal requirements.
• Communicate and enforce security policies, rules, and standards.
• Conduct impact assessment of data initiatives from a security point of view.
• Ensure the cryptographic keys and related components are safety and protection of confidential information.
• Resolve data security audit and risk findings.
• Review and develop security controls to current access controls policies and procedures.
• Provide requirements for create and manage roles, access rights (includes privileged access), authentication and identity within the environment.
• Conduct periodic review of user access.
• Review, approve and monitor the usage of privileged access.
• EDUCATION.
• Bachelor s degree in computer science, Information Systems, or equivalent education or work experience.
• EXPERIENCE.
• Work experience in privacy, compliance, information security, auditing or a related field may also be an accepted alternative, according to Cybersecurity.
• Minimum 3 years of experience in and strong knowledge of privacy, data, operational risk management, information security, or related areas in IT.
• OTHER REQUIREMENTS.

ทักษะ:

Compliance, Legal, English

ประเภทงาน:

งานประจำ

• Driving PSMS (physical security management system) at local level within the framework of C/AUP governance (incl. Site Security Concept process & consulting of local management).
• Monitoring of adequate implementation of local risk mitigation measures (incl. security services delivered by GR/SES).
• Conducting security investigations at local level & support internal investigations (Compliance) on request.
• Implementing security awareness promotion activities along with other security stakeholders at site (e.g. DSO, GR).
• At Regional Level.
• Implementation/monitoring of the C/AUP regulatory framework in the region based on legal conditions.
• Serve as the primary contact point for physical security governance requirements for responsible region.
• Driving the regional int./ext. security network. Raise PSMS awareness among regional managers and employees.
• Support the continuous improvement process and share best practices within the worldwide security organization.
• Qualifications Bachelor s degree in related fields.
• 5-8 years' experience in an industrial/manufacturing company security or facilities experience are preferred.
• Excellent communication and presentation skills; demonstrated ability to interact with all levels of management with excellent analytical skills.
• Work independently and control own work priorities.
• Highly knowledgeable in all aspects of risk analysis.
• General knowledge of systems capability for security systems.
• Basic knowledge of investigation techniques and methods.
• A good understanding of risk and security issues facing office organization in Thailand.
• Good spoken and written English and Thai.
• Able to travel to Rayong province for work assignments as required.
• Additional InformationBy choice, we are committed to a diverse workforce and are an equal opportunity employer. Robert Bosch welcomes and encourages applications from people with disabilities. Accommodations are available on request for candidates taking part in the selection process.

ทักษะ:

Linux, Good Communication Skills, English

ประเภทงาน:

งานประจำ

• Conduct advanced penetration tests to identify vulnerabilities in computer systems, networks, and applications.
• Perform vulnerability assessments and security audits to evaluate the effectiveness of existing security measures.
• Develop and execute simulated cyber-attacks to assess the organization s readiness to defend against real-world threats.
• Employ various attack methodologies to test the resilience of systems against hacking attempts and security breaches.
• Perform threat modeling to anticipate potential attack vectors.
• Analyze risks associated with identified vulnerabilities and recommend appropriate mitigation strategies.
• Develop custom tools and scripts to automate penetration testing and exploit known vulnerabilities.
• Keep up to date with the latest exploitation techniques and security tools.
• Prepare detailed reports on findings from penetration tests and security assessments.
• Document and present risks and vulnerabilities to relevant stakeholders, along with recommended countermeasures.
• Collaborate with the Blue Team to enhance the organization s defensive strategies based on offensive findings.
• Share insights and knowledge on emerging threats and attack techniques with the cybersecurity team to continually improve defensive measures.
• Bachelors or Masters Degree in Computer Engineering, Computer Science or related field.
• At least 10 years of experience in penetration testing and vulnerability assessments or related roles.
• Strong knowledge of network and application security, ethical hacking, and cybersecurity principles.
• Familiarity with penetration testing tools (e.g., Metasploit, Burp Suite, Kali Linux).
• Excellent problem-solving skills and ability to think like an adversary.
• Good communication skills for effective reporting and stakeholder engagement.
• Rapid learning capability and able to work under pressure.
• Good command in written and spoken Thai and English language.
• Ability to present technical solutions with stakeholders in an easy way.
• Knowledge of International Security frameworks, Standards, and Guidelines e.g., NIST-800-53, PCI-DSS, OWASP, etc.
• Professional Certificated related to work e.g. (CISSP, OSCP, OSWE) is desirable.
• Location: True Digital Park, Punnawithi.