Jobfoundry
Jobfoundry
OCBC

Middleware Security Engineer (Manager/AVP)

OCBC
BusinessOCBC SingaporeFull-time1 months ago
Apply Now

About the role

AI summarised

This is a Middleware Security Engineer role at a bank, responsible for securing middleware platforms such as WebSphere, WebLogic, and JBoss. The role involves implementing security controls, managing vulnerabilities, and ensuring compliance with regulatory standards. The position requires team leadership and stakeholder management skills.

BusinessFull-timeGeneral

Key Responsibilities

  • Lead and manage the middleware security team to ensure secure configuration and hardening of middleware platforms.
  • Define and implement security policies, standards, and procedures for middleware environments.
  • Conduct vulnerability assessments and coordinate remediation efforts for middleware components.
  • Manage patch management lifecycle for middleware systems to address security vulnerabilities.
  • Implement access control mechanisms and ensure least privilege principles are applied.
  • Monitor security events and incidents related to middleware platforms and lead incident response activities.
  • Collaborate with infrastructure, application, and security teams to integrate security requirements.
  • Ensure compliance with regulatory requirements such as MAS, SOX, and GDPR.
  • Provide security guidance and training to development and operations teams.
  • Prepare and present security metrics and reports to management and auditors.

Requirements

  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field.
  • Minimum 8-12 years of experience in middleware security or related roles.
  • Strong hands-on experience with middleware platforms: WebSphere, WebLogic, JBoss, Apache Tomcat.
  • In-depth knowledge of security hardening, encryption, PKI, SSL/TLS, and access control.
  • Experience with vulnerability management tools and patch management processes.
  • Familiarity with SIEM solutions and incident response procedures.
  • Understanding of regulatory compliance frameworks (MAS, SOX, GDPR).
  • Proven experience in team leadership and stakeholder management.
  • Excellent communication and interpersonal skills.
  • Relevant security certifications (CISSP, CISM, CEH) are preferred.