Senior Cybersecurity Incident Response Specialist

Employer Active

1 Vacancy
The job posting is outdated and position may be filled

Jobs by Experience: 4-5 years

Job Location: Singapore - Singapore

Monthly Salary: Not Disclosed

Vacancy: 1 Vacancy

Job Description

Req ID : 1102215

Responsibilities:

1. Develop and implement cyber incident response strategy

Develop approaches to combat cyber threats and mitigate risks to information systems assets
Develop guidelines to perform incident response strategies and policies
Implement processes and guidelines to perform incident response protocols, analyse data, and create incident reports
Implement mechanisms to improve cyber security measures and incident response times
Develop incident handling processes, standard operating procedures, playbooks and runbooks
Identify and develop technology-supported workflows to automate repetitive manual tasks

2. Manage cyber security incidents

Communicate and escalate security activities to leadership
Handle responses to cyber security incidents
Lead the recovery of contained cyber security incidents, following established processes and policies
Utilise appropriate cyber incident management techniques to resolve challenges

3. Oversee cyber threat analysis

Collect, analyse and store cyber threat intelligence information
Analyse past cyber-attacks to draw insights and implications for the organisation
Recommend ways to enhance the resilience and security of IT systems
Propose mitigation techniques and countermeasures to keep cyber threats to a minimum


Requirements

Qualifications

Bachelor's degree in computer science or a related field. Ideally, you have completed or are about to complete a security certification (e.g. Security+, GCIA, GCIH, CISSP).

Experience in the following areas:

1. Cyber Forensics

Able to coordinate the collection and preservation of evidence and analyse forensic evidence to draw inferences.
Experience with one or more scripting languages (PowerShell, Python, Bash, etc.)

2. Cyber and Data Breach Incident Management

3-4 years of Information Security or Incident Response related experience.
Proven experience in day-to-day operational processes such as security monitoring, data correlation, troubleshooting, security operations, etc.
Troubleshoot incidents, escalate alerts to the relevant stakeholders, and analyse root causes and implications of incidents.

3. Cyber Risk Management

Develop cyber risk assessment techniques and roll out endorsed measures to address identified cyber security risks, threats and vulnerabilities.

4. Security Assessment and Testing

Conduct authorised penetration testing of systems to expose threats, vulnerabilities and potential attack vectors.

5. Stakeholder Management

Serve as the organisation's main contact point for stakeholder communications, clarifying responsibilities among stakeholders and engaging them to align expectations.

6. Threat Analysis and Defense

Perform static, dynamic or behavioural analysis of malicious code and threats, debug malware and thwart malicious attacks.
Experience in analysing system and application logs to investigate security issues and/or complex operational issues. Hands-on experience with any SIEM, Elasticsearch/Logstash/Kibana (ELK), User and Entity Behavior Analytics (UEBA) technology and/or log management solution, and competence in log analysis, data correlation, etc.

7. Threat Intelligence and Detection

Implement intrusion detection technology and analyse multi-source information to identify vulnerabilities, potential exploits, methods, motives, and capabilities.

8. General knowledge of mainstream operating systems (Windows, Linux, etc.), network protocols, security infrastructure, etc.

Good knowledge of one or more of the following: Windows/AD file system, registry functions and memory artefacts; Unix/Linux file systems and memory artefacts; Mac file systems and memory artefacts; TCP/IP communications and how common protocols and applications (including DNS, HTTP and SMB) work at the network level.


Employment Type

Full Time
