Lumentum Holdings logo

IT Security Analyst

Lumentum Holdings

ThailandFull time
Apply on Lumentum Holdings’s site

Posted July 7, 2026

It's fun to work in a company where people truly BELIEVE in what they're doing!
We're committed to bringing passion and customer focus to the business.

If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!

Role purpose

The postholder supports the day-to-day protection of the organisation's information assets by monitoring security events, investigating alerts, administering security controls, gathering assurance evidence and supporting incident response in line with approved policies, standards and procedures.

Role scope and level

  • Operational practitioner working within approved standards, playbooks, change processes and escalation routes.
  • Responsible for accurate triage, evidence capture, routine control activity and remediation follow-up.
  • Expected to escalate high-risk, novel or complex issues to the relevant incident owner, service owner, risk owner or line manager.
  • Focuses on consistent execution, timely service support and clear communication with technical and non-technical colleagues.

Key responsibilities

1. Security monitoring and alert triage

  • Monitor Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), anti-malware, email security, web security and cloud security alerts.
  • Validate, triage and prioritise security events using agreed playbooks, business impact and risk context.
  • Create accurate incident records, preserve relevant evidence and escalate incidents through the agreed incident management process.
  • Support containment, eradication and recovery activities under the direction of the incident owner.

2. Incident response and operational support

  • Follow documented incident response procedures for malware, phishing, account compromise, data exposure, suspicious network activity and lost or stolen devices.
  • Assist with post-incident actions, including evidence capture, timeline building, lessons learned and remediation tracking.
  • Maintain security operations knowledge base articles and playbooks for repeatable response tasks.

3. Vulnerability and configuration management

  • Run or support scheduled vulnerability scanning across servers, endpoints, network devices, applications and cloud services.
  • Validate scan findings, remove false positives where evidence supports this, assign remediation tickets and monitor progress against agreed service levels.
  • Support secure configuration checks against approved baselines, including endpoint hardening, logging configuration and privileged account controls.
  • Provide clear remediation guidance to infrastructure, application and service teams.

4. Identity, access, Data Loss Prevention and Multi-Factor Authentication

  • Support identity and access management processes, including joiners, movers, leavers, privileged access reviews and evidence collection for access recertification.
  • Monitor and investigate Data Loss Prevention (DLP) alerts, applying agreed classification, privacy and escalation rules.
  • Support Multi-Factor Authentication (MFA) administration, user enrolment, exception handling, break-glass access checks and failed authentication investigations.
  • Assist with user access investigations where suspected compromise, misuse or policy breach is identified.

5. Security controls and tooling

  • Operate security tools in line with documented procedures and change controls.
  • Support maintenance of alert rules, watchlists, endpoint policies, email filtering rules and data protection controls under approved guidance.
  • Record control issues, service defects and improvement opportunities.
  • Carry out routine security checks for backup alerts, logging gaps, certificate expiry, secure configuration and monitoring coverage.

6. Policy, compliance and assurance support

  • Gather evidence for audits, risk assessments, supplier checks and compliance reviews.
  • Apply relevant internal policies, standards and data handling requirements.
  • Support regular checks against security standards, control requirements and business processes.
  • Identify policy exceptions or control gaps and raise them through the agreed risk management process.

7. Awareness and stakeholder support

  • Provide practical security advice to users and technical teams.
  • Support phishing exercises, security awareness activities and targeted communications.
  • Explain security requirements in a clear, proportionate and helpful way.
  • Promote secure behaviours, including reporting suspicious activity, protecting credentials and handling sensitive data correctly.

8. Reporting and documentation

  • Maintain accurate incident, alert, remediation and evidence records.
  • Prepare routine operational reports on alerts, incidents, vulnerabilities, Data Loss Prevention (DLP), Multi-Factor Authentication (MFA), control exceptions and remediation progress.
  • Contribute to dashboards and management information using agreed metrics.
  • Keep procedures, playbooks and technical notes up to date.

Required knowledge, skills and experience

Essential technical skills

  • Security monitoring and incident triage using Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), endpoint protection and cloud security tooling.
  • Data Loss Prevention (DLP) alert analysis, policy support and escalation.
  • Multi-Factor Authentication (MFA) administration, troubleshooting and exception checking.
  • Vulnerability scanning, remediation tracking and secure configuration review.
  • Understanding of common network, endpoint, identity, email and cloud security controls.
  • Awareness of firewalls, proxies, Virtual Private Network (VPN), Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) technologies.
  • Strong documentation, evidence gathering and ticket management skills.
  • Basic scripting or automation capability, for example PowerShell or Python, is desirable.

Essential knowledge

  • Confidentiality, integrity and availability principles and their application to business information.
  • Common cyber threats, including phishing, malware, ransomware, credential theft, insider risk and data exposure.
  • Incident response stages, including preparation, detection, analysis, containment, eradication, recovery and lessons learned.
  • Risk management principles, including likelihood, impact, control effectiveness and risk treatment.
  • Secure handling of sensitive data and audit evidence.

Experience and qualifications

  • Typically two or more years in information technology support, security operations, infrastructure operations or a comparable environment, or equivalent demonstrable experience.
  • Relevant practitioner-level security certification is desirable, such as Security+, Systems Security Certified Practitioner (SSCP)
  • A degree, apprenticeship or professional training in cyber security, information security, computer science or a related discipline is desirable but not essential where equivalent experience can be demonstrated.

Behavioural skills

  • High standard of integrity, confidentiality and ethical conduct.
  • Methodical, accurate and calm when handling incidents or time-sensitive issues.
  • Clear written and verbal communication for technical and non-technical audiences.
  • Collaborative working style with service desk, infrastructure, application, cloud, data protection and business teams.
  • Curiosity and commitment to continuous learning in a changing threat environment.

Measures of success

  • Security alerts are triaged accurately and within agreed service levels.
  • Incidents are documented, escalated and actioned through the agreed process.
  • Vulnerability and remediation tickets are tracked with reliable evidence and clear ownership.
  • Data Loss Prevention (DLP) and Multi-Factor Authentication (MFA) activities are monitored, evidenced and handled in line with policy.
  • Audit and assurance evidence is complete, accurate and available when required.
  • Users and technical teams receive clear, proportionate and practical security advice.

We are an equal opportunity employer and value diversity at our company.

We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment.

Please contact us to request accommodation.

Apply for this role

Listing aggregated by StartupHub.ai from Lumentum Holdings’s public careers board. Applications are handled on the employer’s site.