Job Details
Job Description
- Detect and resolve problems that threaten people, process, technology and facilities.
- Respond to security incidents: react appropriately to, and contain, the problem until it is resolved.
- Review and analyze external threat intelligence feeds from industry, open-source and security partners.
- Follow the incident management process and improve the monitoring, notification, triage and escalation processes.
- Mitigate risk proactively: analyze emerging threats and assess their relevance to the organization.
- Operationalize threat detection and threat response based on intelligence feeds
- Provide actionable findings to the respective resolution teams.
- Create hypotheses for hunts and hunt missions.
- Test hypotheses and identify patterns.
- Responsible for the design, implementation and administration of the SIEM (Splunk, ArcSight) and for setting up security operations support from the global security operations center: installation, configuration and management of the SIEM product/tool.
- Ensure timely response to any cyber incident to minimize risk exposure and production downtime.
- Safely acquire and preserve the integrity of cyber security data required for incident analysis to help determine the technical/operational impact, root cause(s), scope and nature of the incident
- Detect emerging threats based on analysis of data feeds and sources (internal and external intelligence sources).
- Engage with IT functions to ensure alerts are actioned appropriately and in a timely manner.
- Work within the team and the wider Information Security group to build new tools for intelligence gathering.
- Build and maintain senior management dashboards that give a clear view of team activities and the threat landscape.
- Conduct active cyber threat hunting and recommend security improvements based on hunting discoveries.
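The responsibilities above name techniques (operationalizing intelligence feeds, triage and escalation, preserving the integrity of incident data) without showing them. As an added illustration that is not part of the job posting, the Python below parses a constructed indicator feed, runs it as a detection over constructed key=value log lines, escalates each internal source by the highest indicator confidence seen, and preserves the matched raw lines with SHA-256 digests so an analyst can later verify they were not altered. The feed layout (type,value,confidence), the log format and all field names are assumptions made for this example.

```python
import hashlib
import ipaddress
import re

# Constructed threat-intelligence feed for this illustration (not a real feed).
# Hypothetical CSV layout: type,value,confidence
INTEL_FEED = """\
# type,value,confidence
ipv4,203.0.113.45,high
domain,Update-Check.example.,medium
sha256,9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08,high
ipv4,198.51.100.7,low
url,http://example.invalid/x,low
"""

# Constructed firewall/proxy log lines (key=value, not from any real product).
LOG_LINES = [
    "2024-03-01T10:02:11Z src=10.0.0.15 dst=203.0.113.45 dport=443 action=allow host=update-check.example",
    "2024-03-01T10:02:13Z src=10.0.0.15 dst=93.184.216.34 dport=443 action=allow host=example.com",
    "2024-03-01T10:05:40Z src=10.0.0.22 dst=198.51.100.7 dport=22 action=deny host=-",
    "2024-03-01T10:06:01Z src=10.0.0.22 dst=10.0.0.1 dport=53 action=allow host=-",
]

CONFIDENCE_RANK = {"low": 1, "medium": 2, "high": 3}
KV_RE = re.compile(r"(\w+)=(\S+)")


def sha256_hex(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def parse_feed(text):
    """Normalise the feed into {type: {value: confidence}}.
    Indicators are validated (a malformed IP raises) and normalised (domains
    lower-cased without trailing dot, hashes lower-cased) so that matching is
    exact. Indicator types this detector does not handle are skipped."""
    indicators = {"ipv4": {}, "domain": {}, "sha256": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        ioc_type, value, confidence = (f.strip() for f in line.split(",", 2))
        if confidence not in CONFIDENCE_RANK:
            raise ValueError(f"unknown confidence {confidence!r} in {raw!r}")
        if ioc_type == "ipv4":
            value = str(ipaddress.IPv4Address(value))
        elif ioc_type == "domain":
            value = value.lower().rstrip(".")
        elif ioc_type == "sha256":
            value = value.lower()
            if not re.fullmatch(r"[0-9a-f]{64}", value):
                raise ValueError(f"bad sha256 indicator in {raw!r}")
        else:
            continue
        indicators[ioc_type][value] = confidence
    return indicators


def match_logs(indicators, log_lines):
    """Run the feed as a detection over key=value log lines. One hit is emitted
    per (line, field, indicator) so the analyst can see exactly what fired."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        fields = dict(KV_RE.findall(line))
        for field in ("src", "dst"):
            value = fields.get(field)
            if value in indicators["ipv4"]:
                hits.append({"line_no": line_no, "field": field, "type": "ipv4",
                             "value": value, "confidence": indicators["ipv4"][value],
                             "src": fields.get("src")})
        host = fields.get("host", "").lower().rstrip(".")
        if host in indicators["domain"]:
            hits.append({"line_no": line_no, "field": "host", "type": "domain",
                         "value": host, "confidence": indicators["domain"][host],
                         "src": fields.get("src")})
    return hits


def triage(hits):
    """Collapse hits per internal source into the highest indicator confidence
    seen; that value drives the escalation decision."""
    worst = {}
    for h in hits:
        src = h["src"]
        if src not in worst or CONFIDENCE_RANK[h["confidence"]] > CONFIDENCE_RANK[worst[src]]:
            worst[src] = h["confidence"]
    return worst


def preserve_evidence(hits, log_lines):
    """Copy the matched raw lines unmodified and record a SHA-256 per line plus
    one over the whole set, so later analysis can show nothing was altered."""
    line_nos = sorted({h["line_no"] for h in hits})
    records = [{"line_no": n, "raw": log_lines[n - 1], "sha256": sha256_hex(log_lines[n - 1])}
               for n in line_nos]
    bundle = "\n".join(r["raw"] for r in records)
    return {"records": records, "bundle_sha256": sha256_hex(bundle)}


def verify_evidence(bundle):
    """Recompute every hash; False means the preserved data no longer matches."""
    if any(sha256_hex(r["raw"]) != r["sha256"] for r in bundle["records"]):
        return False
    joined = "\n".join(r["raw"] for r in bundle["records"])
    return sha256_hex(joined) == bundle["bundle_sha256"]


if __name__ == "__main__":
    iocs = parse_feed(INTEL_FEED)
    found = match_logs(iocs, LOG_LINES)
    for h in found:
        print(f"line {h['line_no']}: {h['field']}={h['value']} ({h['type']}, {h['confidence']})")
    print("escalation:", triage(found))
    ev = preserve_evidence(found, LOG_LINES)
    print("bundle sha256:", ev["bundle_sha256"], "intact:", verify_evidence(ev))
```

The hash-per-line plus hash-over-the-set pattern is what makes the preserved data usable for incident analysis: a single changed byte in any record, or a removed record, changes a digest. In a real SOC the digests would be written alongside the collected data at acquisition time and stored separately from it.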
Job Requirements
- Bachelor's degree or above in Computer Science, Information Technology or related disciplines
- 5 to 12 years of experience in a SOC
- Network security architecture and design
- Routers and access control devices
- TCP/IP networking
- Firewalls, IDS/IPS and Policy Design & Management
- Experience with SIEM tools (Splunk, ArcSight, etc.); Wireshark or other analytics tools a plus
- Hands on Experience with Endpoint security products
- Relevant IT or security certifications (CISSP, CISM, CRISC, CEH or SANS certifications) expected