Sr Specialist Cyber Security
- Hybrid (Mobile Office / Onsite), Petaling Jaya
- 01.01.2026
- Full-time
- Permanent
The HIMA Group is a global, independent provider of safety-related automation solutions for the process and railway industry. With passion and a spirit of innovation, our employees on all continents are committed to a common goal: the sustainable protection of people, systems and the environment.
Our comprehensive portfolio - from hardware and software to services and customised complete solutions - enables our customers to plan and operate their systems safely.
It is important to us that you can contribute your own ideas and help shape them. We firmly believe that innovation comes from collaboration. That's why we value teamwork and a collegial atmosphere where mutual support is paramount.
As part of our team, you will have the opportunity to experience an inspiring work environment where creativity, diversity and initiative are encouraged. With us, you will not just find a job, but an exciting and varied activity that offers you the chance to actively contribute to the company's success.
HIMA GROUP - WHERE TALENT MEETS TECHNOLOGY
Together, we are creating the future of digital safety.
EXPECTATIONS AND TASKS
Role Overview:
The Cyber Security Engineer strengthens the technical backbone of the globally distributed Information Security team and its security and compliance efforts. The Cyber Security Engineer increases cyber security by acting as the team’s hands-on specialist for vulnerability management, penetration testing, and digital forensics.
The Cyber Security Engineer supports global compliance objectives under ISO 27001 ISMS, 27002 Security Controls, 27005 Risk Management, 42001 AI Governance and 22301 Business Continuity Management, turning policy into technical validation and technical reporting data into readable reports.
The CSE works closely with the CISO, ISOs and ISRs.
Key Responsibilities:
- Security Monitoring & Incident Handling: Participate in global SIEM/SOC operations as counterpart and point of escalation for our managed SOC Provider, ensuring threats are detected and mitigated fast enough.
- Security Incident Response Support: Conduct forensic investigations of security incidents. Collect, analyze, and preserve digital evidence in line with global best practices.
- Automation & Hardening: Develop scripts and tools for vulnerability scanning, system monitoring, and threat detection. Automate repetitive pain.
- Threat & Risk Analysis: Collaborate with risk management colleagues to translate technical findings into business risks under the ISO 27005 methodology.
- Security Architecture Support: Work with infrastructure and application teams to design secure configurations and architectures that comply with ISO 27001 while ensuring performance or budget control.
- Business Continuity Integration: Support the ISO 22301 framework by ensuring technical continuity and disaster recovery plans including proper recovery procedures, 3-2-1 backups, and response mechanisms.
- Vulnerability & Penetration Testing: Perform internal and external penetration tests on systems, networks, and applications to identify security weaknesses.
- Ethical Hacking: Simulate real-world attack scenarios to assess system resilience. Use creativity, persistence, and just enough mischief to make defenders sweat—but ethically.
- Documentation & Reporting: Produce clear, actionable security reports and technical documentation for executive review without losing technical integrity.
YOUR PROFILE
Key Requirements:
- Bachelor’s degree in Computer Science, Cybersecurity, or related technical field.
- At least 3 years of hands-on experience in cybersecurity engineering, penetration testing, or digital forensics.
- Understanding of ISO 27001 and the associated ISO standards
- Proficiency with tools such as Burp Suite, Metasploit, Nessus, Wireshark, Nmap, Volatility or similar utilities.
- Strong scripting skills (Python, PowerShell, Bash) for automation and analysis.
- Familiarity with cloud security (MS Azure) and hybrid environments including Intune, Microsoft Defender, Sentinel, and the broader Microsoft 365 security ecosystem.
- Experience with forensic tools (e.g., Autopsy, FTK, EnCase) is a plus
- Fluent English skills, spoken and written
Preferred Certifications:
- CEH (Certified Ethical Hacker) as the entry point
- OSCP (Offensive Security Certified Professional) or CHFI (Computer Hacking Forensic Investigator) is a plus
- ISO 27001 Implementer or Auditor is a plus for blending tech with governance
Personal Qualities:
- Analytical and creative
- Calm under pressure
- Enjoys global collaboration
- Good communication skills
- Detail-oriented, disciplined, and preferring structured configurations
YOUR BENEFITS
- Attractive and secure workplace
- Flexibility and autonomy in an innovative and global work environment
- Flexible and tailored working hour models according to the area of application and the option for remote work
- Practice-oriented onboarding
CONTACT & FURTHER INFORMATION
The HIMA Group offers flexible working models. Besides the option of remote work, our employees can choose from various part-time models for specific positions. Job sharing is also possible for certain roles. Feel free to inquire about this.
Diversity and inclusion are more than just an image for us; they're deeply embedded in our corporate culture. Therefore, we welcome all applications: regardless of gender, age, disability, religion, ethnic origin, or sexual identity.
Keep it simple. We don't need a cover letter for your application.
Simply apply online using the Apply button.
If you have any questions about the application process or specific vacancies, please contact the HIMA Recruiting Team by email. You can contact the team at the following email address: recruiting@hima.com.