Responsibilities:
1. Develop and implement cyber incident response strategy
Develop approaches to combat cyber threats and mitigate risks to information systems assets
Develop incident response strategies and policies, and the guidelines for carrying them out
Implement processes and guidelines to carry out incident response protocols, analyse data and create incident reports
Implement mechanisms to improve cyber security measures and incident response times
Develop incident handling processes, standard operating procedures, playbooks and runbooks
Identify and develop technology-supported workflows to automate repetitive manual tasks
2. Manage cyber security incidents
Communicate and escalate security activities to leadership
Handle responses to cyber security incidents
Lead the recovery of contained cyber security incidents, following established processes and policies
Utilize appropriate cyber incident management techniques to resolve challenges
3. Oversee cyber threat analysis
Collect, analyze and store cyber threat intelligence information
Analyze past cyber-attacks to draw insights and implications on the organization
Recommend ways to enhance the resilience and security of IT systems
Propose mitigation techniques and countermeasures to ensure cyber threats are kept at a minimum
Requirements
Qualifications
Bachelor's degree in computer science or a related field. Ideally, you have completed or are about to complete a security certification (e.g. Security+, GCIA, GCIH, CISSP)
Experience in the following areas:
1. Cyber Forensics
Able to coordinate the collection and preservation of evidence and analyse forensic evidence to draw inferences.
Experience with one or more scripting languages (PowerShell, Python, Bash, etc.)
2. Cyber and Data Breach Incident Management
3-4 years of Information Security or Incident Response related experience.
Proven experience in day-to-day operational processes such as security monitoring, data correlation, troubleshooting, security operations etc.
Troubleshoot incidents, escalate alerts to the relevant stakeholders, and analyse root causes and implications of incidents.
3. Cyber Risk Management
Develop cyber risk assessment techniques and roll-out endorsed measures to address identified cyber security risks, threats and vulnerabilities
4. Security Assessment and Testing
Conduct authorised penetration testing of systems to expose threats, vulnerabilities and potential attack vectors
5. Stakeholder Management
Serve as the organisation's main contact point for stakeholder communications, clarifying responsibilities among stakeholders and engaging them to align expectations
6. Threat Analysis and Defense
Perform static, dynamic or behavioural analysis of malicious code and threats, debug malware and thwart malicious attacks
Experience in analysing system and application logs to investigate security issues and/or complex operational issues. Hands-on experience with a SIEM, Elasticsearch, Logstash and Kibana (ELK), User and Entity Behavior Analytics (UEBA) technologies and/or a log management solution, and competence in log analysis, data correlation, etc.
7. Threat Intelligence and Detection
Implement intrusion detection technology and analyse multi-source information to identify vulnerabilities, potential exploits, methods, motives, and capabilities
8. General knowledge in mainstream operating systems (Windows, Linux, etc.), network protocols, security infrastructure, etc.
Good knowledge of one or more of the following: Windows/AD file system, registry functions and memory artefacts; Unix/Linux file systems and memory artefacts; Mac file systems and memory artefacts; TCP/IP communications and how common protocols and applications work at the network level, including DNS, HTTP and SMB.