All Open Positions
Be part of something bigger – join the FIRMUS team and work with passionate individuals to create meaningful and lasting impacts. Discover our job openings below!
Security Consultant (Red Team)
ROLE AND RESPONSIBILITIES:
- To support all Pre & Post Sales activities for security consulting projects such as Penetration Testing, Host Assessments, Web Application Security, Wireless Security Assessment, Social Engineering, Source Code Reviews, Mobile Application Penetration Testing, Red Team Exercise, etc. Such activities may include presentations, proposal preparation, actual hands-on work, demos, etc.
- To assist team members (Security Consultants & Associate Consultants) in terms of advisory, technicalities and project management.
- To ensure that all committed project deliverables are met in a timely manner.
- Reports directly to Technical Director.
QUALIFICATIONS AND EDUCATION REQUIREMENTS:
- A Diploma / Degree in IT or a computer-related field is preferred.
- Strong knowledge and experience in performing both manual and automated security testing and assessment are required (any past experience in publishing new security exploits is advantageous).
- Professional IT security certifications such as OSCP, OSCE, CPSA, CRT, GWAPT, GPEN, GMOB, Red Team etc. are advantageous.
- Good project management and leadership skills are required.
- Familiar with Penetration Testing Methodologies such as OSSTMM, OWASP, NIST, PTES, etc.
- Proficiency in a programming language such as Java, Python, Perl, etc. (any relevant programming background would be advantageous).
- Good understanding of networking.
- Good communication and interpersonal skills are required.
Security Consultant (Blue Team)
KEY RESPONSIBILITIES:
- Main scope of work is in relation to Compromise Assessment and Incident Response activities.
- Assist with the identification, analysis, and response to cybersecurity incidents.
- Document and communicate findings to senior analysts and management.
- Assist with incident response planning and testing.
- Use EDR technologies to perform Compromise Assessment and Incident Response for clients.
- Stay up to date with emerging threats and vulnerabilities.
QUALIFICATIONS:
- Bachelor’s degree in Computer Science, Cybersecurity, or related field
- Knowledge of cybersecurity incident response
- Familiarity with various operating systems and network protocols
- Ability to work independently and as part of a team
- Strong problem-solving and critical-thinking skills
- Excellent written and verbal communication skills
- Candidates with full work rights in Malaysia will be prioritised.
Security Engineer (Endpoint)
ROLES AND RESPONSIBILITIES:
- Primary technical project lead to implement security solutions for customers.
- Liaise with customers to implement technical solutions aligned with the customer’s requirements, project scope and timeline.
- Provide deployment, documentation and support of project-wide information security solutions, practices and policies.
- Serve as first point of contact for security solutions’ technical support.
- Technical subject matter expert to perform technical issue troubleshooting, root-cause analysis, resolution and escalation.
- Contribute to building the organization’s technical knowledge of security solutions and cybersecurity.
- Travel to customer sites for installation or troubleshooting when required.
- Act as a subject matter expert to provide advisory related to security solutions, such as solution capabilities, solution architecture, implementation plans, etc.
QUALIFICATIONS AND ENTRY REQUIREMENTS:
- Possess a degree (or higher) in IT, Information Security or related field.
- 3-7 years of working experience with a System Integrator (SI), technology consulting organization or end-user IT operations environment.
- Strong verbal and written communication skills in English and Bahasa Malaysia.
- Continuous learning attitude to develop skills in cyber security and to learn new technologies/security solutions.
- Highly organized, self-motivated, with good time management and able to work under minimal supervision.
- A team player with a pleasant personality.
PREFERRED SKILLS:
- Experience in endpoint protection products (CrowdStrike, Cybots, McAfee, Cylance etc.)
- Possess relevant technical certification on endpoint protection products.
- Working experience in analyzing and evaluating Whitelisting rules and working with various stakeholders to address potential risks.
- Strong analytical skills to define risk, identify potential threats, and document and develop action/mitigation plans. Implement detection capabilities that align with the Cyber Kill Chain, the MITRE ATT&CK framework and other relevant frameworks.
- Good knowledge of Linux administration and cloud technology is a plus.
Security Engineer (Vulnerability Management, Network)
ROLE DESCRIPTION:
- Primary technical project lead to implement security solutions for customers.
- Liaise with customers to implement technical solutions aligned with the customer’s requirements, project scope and timeline.
- Provide deployment, documentation and support of project-wide information security solutions, practices and policies.
- Serve as first point of contact for security solutions’ technical support.
- Technical subject matter expert to perform technical issue troubleshooting, root-cause analysis, resolution and escalation.
- Contribute to building the organization’s technical knowledge of security solutions and cybersecurity.
- Travel to customer sites for installation or troubleshooting when required.
- Act as a subject matter expert to provide advisory related to security solutions, such as solution capabilities, solution architecture, implementation plans, etc.
QUALIFICATIONS:
- Bachelor’s degree or higher in IT, Information Security, or a related field.
- 2-5 years of experience in a System Integrator (SI), technology consulting organization, or end-user IT operations environment.
- Good understanding and working knowledge of cybersecurity frameworks or regulatory requirements such as NIST CSF, ISO 27001, the MITRE ATT&CK framework, etc.
- Good verbal and written communication skills in English and Bahasa Malaysia.
- Proven commitment to continuous learning in cybersecurity, with a focus on mastering new technologies and security solutions.
- Organized, self-motivated, adept at time management, and capable of working with minimal supervision.
- Collaborative team player with a positive attitude.
- Hands-on technical proficiency with various network security products, including Firewalls, Advanced Persistent Threat (APT) solutions, Vulnerability Management tools, Mobile Device Management (MDM) platforms, and other relevant technologies.
- Possession of recognized technical certifications in network security is mandatory. Ability to implement detection strategies aligned with industry standards such as the Cyber Kill Chain and the MITRE ATT&CK framework.
Consultant – Information Security
ROLE PURPOSE:
Firmus Consulting Sdn. Bhd. seeks bright and talented individuals with strong Information Security and IT backgrounds and a desire to provide security consulting services for clients in various industries. You will provide consulting services focused on information and cyber security. Team members are provided the opportunity to enhance their skills in the areas of security knowledge, technical competency, business development, client service and people development.
KEY ACCOUNTABILITIES:
- Implement information / IT security engagements for clients both as a team member as well as team lead.
- Provide delivery expertise on information security projects. This could be on technical or process aspects (such as Information Security Management Systems (ISMS) or ISO 27001, Business Continuity Management / IT Disaster Recovery Management or ISO 22301/ ISO 27301, Data Loss Prevention (DLP), Identity and Access Management (IAM), cloud security, cyber security design, tools and solutions, security strategy and security project management).
- Provide advice in the identification, assessment, mitigation and management of information security risks and issues across the information security spectrum.
- Identify best practices for Information Security leading to technically feasible and user-friendly deliverables, and communicate these to clients and their Information Security staff.
- Help conduct training on information security solutions when required.
- Gain understanding of key customer issues and help create proposals as required.
- Build own knowledge and competency in cyber security and gain alignment and understanding of at least one industry.
- Lead and manage teams when required, prioritize responsibilities and tasks to deliver quality and timely results and coach & motivate subordinates working as part of the team.
MAIN WORKING RELATIONSHIPS
This position requires working closely with internal staff from across the affiliated entities and lines of service.
Key relationships will be with the CTO, Directors, Senior Managers and other team members within Firmus Consulting.
JOB BOUNDARIES AND DECISION MAKING
As directed by:
- CTO
- Senior Manager
- Manager
- Project Manager for delivery engagements
Constraints
Internal Policies
PERFORMANCE MEASURES & TARGETS:
- Delivery targets.
- Quality of Deliverables.
- Quality of feedback from client.
- Full adherence to internal firm policies.
- Documentation on knowledge repository kept up-to-date.
SKILLS / KNOWLEDGE / QUALIFICATIONS:
- Degree in any discipline and/or MBA from a recognised institution; IT Degree preferred.
- Must have at least one of the following security certifications CISSP, CCSP, SSCP, GSLC, GISP, CISM, CRISC, CGEIT, CISA, ISO 27001 Lead Auditor, etc.
- Any additional security related certifications are a plus e.g. CISSP, CCSP, SSCP, GSLC, GISP, CISM, CRISC, CGEIT, CISA, CCSK, CEH, CCNA, ISO 27001 Lead Auditor, etc.
- Good overall understanding of the information security roles and activities.
- Good understanding of at least one information security & regulatory standard / framework, e.g. ISO/IEC 27001, COBIT, PCI-DSS, NIST Cyber Security Framework, BNM RMiT, MAS TRM Guidelines, etc.
- Good technical knowledge on at least two of the following areas:
  - Data Security, Privacy, Classification and Data Loss Protection.
  - IT Disaster Recovery Planning and Business Continuity Management.
  - Network security architecture, management and controls including firewall, routers, IPS etc.
  - Threat Intelligence & Advanced Persistent Threats (APT).
  - Security Strategy and Roadmaps.
  - Security Policy, Standard and Framework.
  - Information Security Management Systems.
  - Log Management and SIEM.
  - Identity and access management solutions and implementation.
  - Cloud security.
  - Governance, Risk and Compliance (GRC).
EXPERIENCE
- At least three years of working experience in Information Security or IT security and IT systems and / or industry knowledge is preferred. Fresh graduates are also encouraged to apply.
- Familiarity and experience in security standards and regulatory frameworks (e.g. ISO/IEC 27001, ITIL, BNM RMiT, MAS TRM Guidelines, PCI-DSS, etc.)
- Experience in delivering a security engagement such as projects in ISMS / BCP / IT DR / DLP is preferred.
- Experience in a particular industry is preferred such as telecom, financial services, government etc.
PERSONAL COMPETENCIES AND QUALITIES
- Strong problem solving ability.
- Ability to learn on the fly.
- Good written and verbal communication skills.
- Good interpersonal skills.
- Strong customer focus and client service.
- Ability to work with a team.
- Ability to devote the time required to deliver projects and build own capabilities.
GRC consultant
ROLE PURPOSE:
Firmus Consulting Sdn. Bhd. seeks bright and talented individuals with strong GRC backgrounds and a desire to provide GRC consulting for clients in various industries. Team members are provided the opportunity to enhance their skills in the areas of GRC, Information and IT Security, technical competency in IT security, business development, client service and people development.
KEY ACCOUNTABILITIES:
- Provide consultancy on GRC and implementation of GRC solutions such as Archer for clients as a team member as well as a team leader. This includes identification of good practices for GRC leading to technically feasible and user-friendly deliverables and communicating these to clients’ staff.
- Provide configuration and support expertise on GRC solutions e.g. Archer GRC.
- Provide consultancy on Information Security / IT Security engagements for clients as a team member as well as a team leader.
- Provide consultancy expertise on technical and process aspects of IT security solutions such as Data Loss Prevention (“DLP”), Identity and Access Management (“IAM”), Privileged Access Management (“PAM”), cloud security, cyber security architecture, tools and solutions for security automation (continuous monitoring, risk assessments, testing).
- Provide consultancy on Information Security Management Systems (“ISMS”) or ISO 27001, Business Continuity Management / IT Disaster Recovery Management or ISO 22301 / ISO 27301, Data Loss Prevention (“DLP”), Identity and Access Management (“IAM”), Privileged Access Management (“PAM”), cloud security.
- Provide consultancy on cyber security risks and developing security standards, procedures, and controls to manage cyber security risks.
- Help conduct training on GRC / Information Security / IT Security solutions when required.
- Gain understanding of key customer issues and help create proposals as required.
- Build own knowledge and competency in cyber security and gain alignment and understanding of at least one industry.
- Lead and manage teams when required, prioritize responsibilities and tasks to deliver quality and timely results and coach & motivate employees working as part of the team.
MAIN WORKING RELATIONSHIPS
This position requires working closely with internal staff from across the affiliated entities and lines of service.
Key relationships will be with the CTO, Directors, Senior Managers and other team members within Firmus.
JOB BOUNDARIES AND DECISION MAKING
As directed by:
- CTO
- Project Manager for delivery engagements
Constraints:
Internal Policies
PERFORMANCE MEASURES & TARGETS:
- Delivery targets.
- Quality of Deliverables.
- Quality of feedback from client.
- Full adherence to internal firm policies.
- Documentation on knowledge repository kept up-to-date.
SKILLS / KNOWLEDGE / QUALIFICATIONS:
- Degree in any discipline and/or MBA from a recognised institution; IT Degree preferred.
- GRC Certifications are preferred:
  - RSA Archer Certified Administrator
  - RSA Archer Certified Associate
  - OneTrust Certified GRC Professional
- Must have at least one of the following security certifications CISSP, CCSP, SSCP, GSLC, GISP, CISM, CRISC, CGEIT, CISA, ISO 27001 Lead Auditor, etc.
- Any additional security related certifications are a plus e.g. CISSP, CCSP, SSCP, GSLC, GISP, CISM, CRISC, CGEIT, CISA, CCSK, CEH, CCNA, ISO 27001 Lead Auditor, etc.
- Good overall understanding of the information security roles and activities.
- Good understanding of at least one information security & regulatory standard / framework, e.g. ISO/IEC 27001, COBIT, PCI-DSS, NIST Cyber Security Framework, BNM RMiT, MAS TRM Guidelines, etc.
- Good technical knowledge on at least two of the following areas:
  - Data Security, Privacy, Classification and Data Loss Protection.
  - IT Disaster Recovery Planning and Business Continuity Management.
  - Network security architecture, management and controls including firewall, routers, IPS etc.
  - Threat Intelligence & Advanced Persistent Threats (APT).
  - Security Strategy and Roadmaps.
  - Security Policy, Standard and Framework.
  - Information Security Management Systems.
  - Log Management and SIEM.
  - Identity and access management solutions and implementation.
  - Cloud security.
  - Governance, Risk and Compliance (GRC).
EXPERIENCE
- At least three years of working experience in Information Security or IT security and IT systems and / or industry knowledge is preferred.
- Familiarity and experience in security standards and regulatory frameworks (e.g. ISO/IEC 27001, ITIL, BNM RMiT, MAS TRM Guidelines, PCI-DSS, etc.)
- Experience in delivering a security engagement such as projects in ISMS / BCP / IT DR / DLP is preferred.
- Experience in a particular industry is preferred such as telecom, financial services, government etc.
PERSONAL COMPETENCIES AND QUALITIES
- Strong problem solving ability.
- Ability to learn on the fly.
- Good written and verbal communication skills.
- Good interpersonal skills.
- Strong customer focus and client service.
- Ability to work with a team.
- Ability to devote the time required to deliver projects and build own capabilities.
GRC consultant
ROLE PURPOSE:
Firmus Consulting Sdn. Bhd. seeks bright and talented individuals with strong Information Security and IT backgrounds and a desire to provide security consulting services for clients in various industries. You will provide consulting services focused on information and cyber security. Team members are provided the opportunity to interact with senior management as well as the opportunity to enhance their skills in the areas of security knowledge, technical competency, business development, client service and people development.
KEY ACCOUNTABILITIES:
- Lead and implement information / IT security engagements for clients.
- Provide expert advice, guidance and support on information security. This could be on technical or process aspects (such as Information Security Management Systems (ISMS) or ISO 27001, Business Continuity Management / IT Disaster Recovery Management or ISO 22301/ ISO 27301, Data Loss Prevention (DLP), Identity and Access Management (IAM), cloud security, cyber security design, tools and solutions, security strategy and security project management).
- Provide experience and advice in the identification, assessment, mitigation and management of information security risks and issues across the information security spectrum.
- Identify, translate and capture business requirements and best practices for Information Security into technically feasible and user friendly deliverables and communicate to clients and their information security staff or regulators to achieve strategic alignment from internal and external stakeholders.
- Conduct training on information security solutions when required.
- Gain understanding of key customer and market issues, build opportunities, create proposals and make presentations to clients as required.
- Lead and manage teams, prioritize responsibilities and tasks in order to deliver quality and timely results and coach & motivate employees.
PERFORMANCE MEASURES & TARGETS:
- Delivery and Revenue targets.
- Quality of Deliverables.
- Quality of leadership.
- Quality of feedback from client and sell-on opportunities.
- Full adherence to internal firm policies.
- Documentation on knowledge repository kept up-to-date.
SKILLS / KNOWLEDGE / QUALIFICATIONS:
- Degree in any discipline and/or MBA from a recognised institution; IT Degree preferred.
- Must have at least one of the following security certifications CISSP, CCSP, SSCP, GSLC, GISP, CISM, CRISC, CGEIT, CCSK, CISA, ISO 27001 Lead Auditor, etc.
- Good overall understanding of the information security roles and activities.
- Strong understanding of information security & regulatory standards / frameworks, e.g. ISO/IEC 27001, COBIT, ITIL, PCI-DSS, NIST Cyber Security Framework, BNM RMiT, MAS TRM Guidelines, etc.
- Good technical knowledge in Governance, Risk and Compliance (GRC).
- Good technical knowledge in at least 2-3 of the following areas:
  - Data Security, Privacy, Classification and Data Loss Protection.
  - IT Disaster Recovery Planning and Business Continuity Management.
  - Network security architecture, management and controls including firewall, routers, IPS etc.
  - Threat Intelligence & Advanced Persistent Threats (APT).
  - Security Strategy and Roadmaps.
  - Security Policy, Standard and Framework.
  - Information Security Management Systems.
  - Log Management and SIEM.
  - Identity and access management solutions and implementation.
  - Cloud security.
- Good project management skills.
EXPERIENCE
- Minimum 8 years of working experience in Information Security or IT security and IT systems and / or industry knowledge. Working experience in Big 4 companies or multinationals is preferred.
- Experience in leading a team and in project management.
- Familiarity and experience with security standards and regulatory frameworks (e.g. ISO/IEC 27001, ITIL, BNM RMiT, MAS TRM Guidelines, PCI-DSS, etc.)
- Proven track record of delivering security projects on ISMS / BCP / IT DR / DLP / GRC / IAM.
- Proven experience in a particular industry such as financial services, telecom, government etc.
PERSONAL COMPETENCIES AND QUALITIES
- Strong problem solving ability.
- Ability to learn on the fly.
- Good written and verbal communication skills.
- Good interpersonal skills.
- Strong customer focus and client service.
- Ability to work with a team.
- Ability to develop self and others.
- Good business acumen.
Our Work
At FIRMUS, our people are the foundation of our success. By forming a positive work environment that supports our business objectives, we strive to be the regional cybersecurity leader pioneering innovation in building a cyber security ecosystem.
Our Values
Trust, Reliable and Care are our core values that form the foundation of our approach in embracing diversity, equity and inclusivity. These values enhance our services and enrich our stakeholders’ experiences. Our mission is to partner with customers, providing innovative solutions and good practices to support them in achieving their goals.
Our Culture
We prioritize comprehensive professional growth and development, and overall well-being through training, mentorship, and a supportive environment. By methodically listening to and rewarding talent, we empower our team to excel and pioneer advancements in cybersecurity.
Best Employer Award – SME, Central Region – 2023
SME Best Employer 2023 – Silver Award
Send Us Your Resume!
Become part of FIRMUS, where we unite to achieve exceptional results, care passionately about our work, and drive meaningful impact.