Security Executive / Associate Security Analyst

[Overview chart: Digital Technology, Cybersecurity. Chief Information Security Officer (CISO); Security Operation Manager; Cyber Risk Manager; Digital Forensic Manager. Domains: Security Design and Engineering; Security Operation and Incident Response; Forensic Investigation and Threat Analysis; Governance Risk and Compliance (GRC).]

SECURITY EXECUTIVE / ASSOCIATE SECURITY ANALYST

Job Description
- Supports security systems and operations administration, monitoring and maintenance
- Monitors security alerts and events
- Collects and documents contextual information based on established practices and supports the preparation and publishing of security advisories
- Assists with the analysis of security-related information and events, escalation of incidents for validation and remediation
- Required to be on standby with on-call availability with varied shifts including nights, weekends and holidays

Competencies: Cyber Incident Management & Problem Management; Cyber Forensics; Infrastructure Support; Security Administration; Security Assessment & Testing; Security Education & Awareness; Project Management; Threat Intelligence & Detection

Essential / Core Skills: Linux; Active Directory; Firewalls; Network Security; Windows Server; Security Information and Event Management (SIEM)

Commonly Used Tools / New Technologies: Splunk; Python; Wireshark; Vulnerability scanner

Common Certifications*: ISACA CSX Fundamental Certificate (For Beginner); CompTIA A+ (For Beginner); EC-Council Certified Network Defender (CND) (For Beginner); Cisco Certified Entry Networking Technician (CCENT) (For Beginner); GIAC Security Essentials Certification (GSEC) (Level 1); Cisco Certified Network Professional Security (CCNP Security); CompTIA Security+; Rocheston Certifications; EC-Council Certified Ethical Hacker (CEH); (ISC)² Systems Security Certified Practitioner (SSCP); EC-Council Certified Incident Handler (E|CIH); ITIL V4 Foundation for IT Service Management; ISO/IEC 27001:2013 Information Security Management System Requirements

Soft Skills: Communication; Creative Thinking; Problem Solving; Sense Making; Teamwork; Stakeholder Management

Career Pathway: Chief Information Security Officer (CISO); Branch into any 6 specific Cybersecurity domain; Security Executive / Associate Security Analyst

SFIA Level (1) / NOSS (2)
Chief Information Security Officer (CISO): 5
Security Executive / Assoc Security Analyst: 3

*This list is not exhaustive and serves only as a guide

(1) SFIA Level: SFIA stands for Skills Framework for the Information Age. It is a model for describing and managing skills and competencies for professionals working in the field of Information and Communication Technologies (ICT), software engineering and digital transformation. Published in 2000 by the British Computer Society (BCS).
(2) NOSS: The acronym NOSS stands for National Occupational Skills Standards. NOSS is a document that outlines the dexterity required of an employee working in Malaysia at a certain level of employment to achieve specific skills.

PEMBANGUNAN SUMBER MANUSIA BERHAD
Wisma HRDF, Jalan Beringin, Damansara Heights, 50490 Kuala Lumpur
Email: support@hrdf.com.my
Tel: 1800-88-4800
Copyright 2020 Government of Malaysia. All Rights Reserved.

CYBER RISK ANALYST

Job Description
- Conducts independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls and ensure an acceptable level of risk to organisational operations (including mission, functions, image, or reputation), organisational assets and individuals based on enterprise needs.

Competencies: Audit & Compliance; Business Needs Analysis; Cyber Incident Management; Cyber Risk Management; Security Governance; Security Program Management; Security Strategy; Cyber Crisis Management; Business continuity planning (BCP) / Change Control Management / Asset Management; Relevant law and regulation (Legal regulation and compliance); Emerging Tech (Cloud security, IoT, ICS, OT); Troubleshooting and Risk Analysis

Essential / Core Skills: Network Security; Linux; Firewalls

Commonly Used Tools / New Technologies: SQL; LogRadar; Security Information and Event Management (SIEM); Python; Cascading Style Sheets (CSS)

Common Certifications*: (ISC)² Certified Information Systems Security Professional (CISSP); GIAC Certified Incident Handler (GCIH); ISACA Certified Information Systems Auditor (CISA); ISACA Certified Information Security Manager (CISM); GIAC Critical Controls Certification (GCCC); ISACA Certified in Risk and Information Systems Control (CRISC); ISO/IEC 27001:2013 Lead Auditor

Soft Skills: Communication; Computational Thinking; Problem Solving; Sense Making; Teamwork; Stakeholder Management

Career Pathway: Chief Information Security Officer (CISO); Cyber Risk Manager; Cyber Risk Analyst

Domain: Governance Risk and Compliance (GRC)

SFIA Level / NOSS
Chief Information Security Officer (CISO): 5
Cyber Risk Manager: 4&5
Cyber Risk Analyst: 3

*This list is not exhaustive and serves only as a guide

SECURITY PENETRATION TESTER

Job Description
- Performs assessments of systems, networks, application and technology (e.g. IoT, cloud) within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy
- Measures effectiveness of defense-in-depth architecture against known vulnerabilities

Competencies: Audit & Compliance; Cyber Risk Management; Emerging Technology Synthesis; Security Assessment & Testing; Test Planning; Threat Analysis & Defense; Security Architecture Understanding; Project Management; Emerging Tech (Cloud security, IoT, ICS, OT)

Essential / Core Skills: Penetration Testing; Network Security; Linux; Python; Ethical Hacking; Kali Linux

Commonly Used Tools / New Technologies: Java; Red Teaming; Burp Suite; Powershell

Common Certifications*: Offensive Security (OffSec) Certified Professional (OSCP); GIAC Penetration Tester Certification (GPEN); EC-Council Certified Security Analyst (ECSA); CompTIA PenTest+

Soft Skills: Communication; Creative Thinking; Problem Solving; Sense Making; Teamwork; Stakeholder Management; Report Writing

Career Pathway: Chief Information Security Officer (CISO); Security Penetration Manager; Security Penetration Tester

Domain: Penetration Testing

SFIA Level / NOSS
Chief Information Security Officer (CISO): 5
Security Penetration Manager: 4&5
Security Penetration Tester: 3
NOSS: Level 5, J620 Cyber Security Penetration Testing & Assessment-Cyber Security

*This list is not exhaustive and serves only as a guide

SECURITY OPERATION ANALYST

Job Description
- Develops cyber indicators to maintain awareness of the status of the highly dynamic operating environment
- Collects, processes, analyses, and disseminates cyber threat/warning assessments

Competencies: Cyber Incident Management; Cyber Risk Management and Assessment; Disaster Recovery Management; Threat Analysis & Defense; Threat Intelligence & Detection; Enterprise Architecture; Cyber Crisis Management; Cyber Forensic; Surveillance and Incident Response; Operations Management

Essential / Core Skills: Security Information and Event Management (SIEM); Linux

Commonly Used Tools / New Technologies: SQL; Vulnerability Management; LogRadar; Wireshark

Common Certifications*: GIAC Cyber Threat Intelligence (GCTI); (ISC)² Certified Information Systems Security Professional (CISSP); CompTIA Cybersecurity Analyst (CySA+); EC-Council Certified SOC Analyst (CSA); EC-Council Certified Threat Intelligence Analyst (C|TIA)

Soft Skills: Communication; Creative Thinking; Problem Solving; Sense Making; Teamwork; Stakeholder Management

Career Pathway: Chief Information Security Officer (CISO); Security Operation Manager; Security Operation Analyst

Domain: Security Operation and Incident Response

SFIA Level / NOSS
Chief Information Security Officer (CISO): 5
Security Operation Manager: 4
Security Operation Analyst: 3

*This list is not exhaustive and serves only as a guide

INCIDENT RESPONDER

Job Description
- Investigates, analyzes, and responds to cyber incidents within the network environment or enclave
- Identifies, collects, examines, and preserves evidence using controlled and documented analytical and investigative techniques
- Conducts detailed investigations on computer-based crimes establishing documentary or physical evidence, to include digital media and logs associated with cyber intrusion incidents

Competencies: Cyber Forensic; Cyber Risk Management; Cyber Incident Management; Threat Analysis & Defense; Threat Intelligence & Detection; Disaster Recovery Management; Enterprise Architecture; Cyber Crisis Management

Essential / Core Skills: Incident Management; ITIL; Troubleshooting

Commonly Used Tools / New Technologies: Active Directory; Incident Response; Root Cause Analysis; Incident Handling; Agile Methodologies; LogRadar

Common Certifications*: GIAC Certified Incident Handler (GCIH); PGI GCHQ Certified Security Operations Centre (SOC) Incident Responder; EC-Council Computer Hacking Forensic Investigator (CHFI); GIAC Certified Forensic Analyst (GCFA); GIAC Certified Intrusion Analyst (GCIA); Certified Reverse Engineering Analyst (CREA)

Soft Skills: Communication; Creative Thinking; Problem Solving; Sense Making; Analytical; Teamwork; Stakeholder Management

Career Pathway: Chief Information Security Officer (CISO); Incident Manager; Incident Responder

Domain: Security Operation and Incident Response

SFIA Level / NOSS
Chief Information Security Officer (CISO): 5
Incident Manager: 4&5
Incident Responder: 3

*This list is not exhaustive and serves only as a guide

DIGITAL FORENSIC SPECIALIST

Job Description
- Conducts detailed investigations on computer-based crimes establishing documentary or physical evidence, to include digital media and logs associated with cyber intrusion incidents
- Analyses digital evidence and investigates computer security incidents to derive useful information in support of system/network vulnerability mitigation
- Expert witness in court / Ability to testify in court

Competencies: Cyber Forensic; Cyber Risk Management; Cyber Incident Management; Security Assessment & Testing; Threat Analysis & Defense; Threat Intelligence & Detection; Enterprise and Device Architecture; Chain of custody. Relevant law and regulation (Legal / Statutory regulation and compliance)

Core Skills: Network Security; Linux; Computer Forensics; Python; Forensic Analysis

Emerging Skills: Malware Analysis; Penetration Testing; C; Cyber Threat Intelligence (CTI); Wireshark; Analytics; Machine Learning

Common Certifications*: AccessData Certified Examiner (ACE); IACIS Certified Forensic Computer Examiner (CFCE); GIAC Certified Forensic Analyst (GCFA); EnCase Certified Examiner (EnCE); EC-Council Computer Hacking Forensic Investigator (CHFI)

Soft Skills: Communication; Creative Thinking; Problem Solving; Sense Making; Teamwork; Stakeholder Management; Report Writing; Analytical

Career Pathway: Chief Information Security Officer (CISO); Digital Forensic Manager; Digital Forensic Specialist

Domain: Forensic Investigation and Threat Analysis

SFIA Level / NOSS
Chief Information Security Officer (CISO): 5
Digital Forensic Manager: 4&5
Digital Forensic Specialist: 4

*This list is not exhaustive and serves only as a guide

SECURITY ENGINEER

Job Description
- Develops and implements secure system architecture
- Embeds security principles into the design of system architectures to mitigate the risks posed by new technologies and business practices.
- Performs routine activities related to the periodic review and audit activities of infrastructure security systems and maintains documentation of security standards and procedures

Competencies: Business Needs Analysis; Cyber Risk, Governance and Compliance; Emerging Technology Synthesis; Infrastructure Design / Enterprise Design; Security Administration; Security Architecture; Security Solution Architecture; Security Programme Management; Security Strategy; Business continuity planning (BCP) / Change Control Management; Relevant law and regulation (Legal, statutory regulation and compliance); Emerging Tech (Cloud security, IoT, ICS, OT); Identify access control; Information Security; Troubleshooting

Core Skills: Network Security; Firewalls; Linux; Active Directory

Emerging Skills: Amazon Web Services (AWS); Security Information and Event Management (SIEM); LogRadar; Python; Cisco products; Cascading Style Sheets (CSS); Public Key Infrastructure (PKI) security

Common Certifications*: (ISC)² Certified Information Systems Security Professional (CISSP); (ISC)² Certified Cloud Security Professional (CCSP); CSA Certified Cloud Security Knowledge (CCSK); General Data Protection Regulation (GDPR) certifications; Personal Data Protection Act (PDPA) certifications; Technology/Domain specific

Soft Skills: Communication; Computational Thinking; Problem Solving; Sense Making; Teamwork; Stakeholder Management

Career Pathway: Chief Information Security Officer (CISO); Security Engineer

Domain: Security Design and Engineering

SFIA Level / NOSS
Chief Information Security Officer (CISO): 5
Security Engineer: 4

*This list is not exhaustive and serves only as a guide
