Cyber Incident Analyst

3 weeks ago


Singapore WE-PLUS PTE. LTD. Full time
Roles & Responsibilities

Role Summary

Our client is looking for a Cybersecurity expert/SME in the Detection Engineering & Security Investigation areas, as part of the Production SOC & Security Investigation & Incident Response team.

The role will be to:

  • Strengthen the detection capabilities in APAC and be a member of the Global Use Case development team, working towards worldwide alignment of the security use cases.
  • Contribute to the enhancement of SIEM and SOAR capabilities.
  • Act as a reference point in a team of experts on Security Incident Response, Anti-Malware/Defense and Security Detection activities.
  • Oversee the detection capabilities for the 24/7 regional IT Production SOC which handles the IT Production security alerts for the APAC region.
  • Participate in the global continuous improvement of the framework of tools and processes for Security Incident Management, Anti-Malware/Defense and Security Detection.
  • Collaborate with the APAC Business CSIRT, accountable for the Security Incident practice in APAC, to strengthen the extended security monitoring setup between Business Information Security and IT Production Security.

Main Responsibilities

  • Lead technical activities (security use case definition, design, implementation & enrichment) in the IT Production Security Investigation & Incident Response team, based on real-world attack scenarios and frameworks like MITRE ATT&CK, ensuring a robust security detection posture across the various layers.
  • Understand ongoing security threats in the wild and propose security use cases to detect them and, where possible, protect against or mitigate them.
  • Lead technical activities (definition, R&D/threat hunting) in the IT Production Security Investigation & Incident Response team and oversee the detection capabilities of the 24/7 regional IT Production SOC.
  • Respond to cyber/IT security incidents and evaluate the type and severity of security events.
  • Identify recurring security issues and risks, develop mitigation plans and recommend process improvements.
  • Partner with global, regional and local stakeholders to ensure organizational and procedural efficiency and readiness for the detection of, and reaction to, suspicious events.
  • Continuously improve the processes to strengthen the current SOC framework via review of policies and operational playbooks.
  • Partner with the APAC Business CSIRT for integrated security monitoring and alert/incident handling operations.
  • Contribute to local security incident response outside the direct scope of responsibilities (i.e., local IT production in some APAC business entities).
  • Contribute to the Bank's compliance with regulatory requirements and internal policies.
  • Contribute to the reporting of all incidents according to the Incident Management System.
  • Contribute to the control frameworks in day-to-day business activities, such as the Control Plan; participate in audit interviews and provide the required evidence.

Qualifications & Experience

  • Bachelor's Degree in Information Technology or related fields.
  • Must have 7 or more years of experience in overall cybersecurity incident response, with over 4 years specifically in security use case design, development and coding.
  • A minimum of 7 or more years of experience as a security professional.
  • Experience in security use case design/development, with an understanding of the Java language.
  • Good working knowledge of Linux (RedHat/Ubuntu).
  • Working knowledge of how to interpret security logs or instructions into threat models; a SecOps/DevOps mindset & skills.
  • Experience and knowledge in investigating incidents, remediation, tracking and follow-up through to incident closure with the concerned teams and stakeholders.
  • Thorough understanding of technologies and security concepts, with knowledge of and hands-on experience in SIEM products and Security Incident Management.
  • Experience performing security monitoring and incident response activities in an advanced Security Operations Center (SOC) environment (log analysis, event analysis, incident investigation, reporting).
  • Comfortable working with and making the most of large data sets (collection, analysis, response), creating content/use cases/models and bringing an automation mindset.
  • Experience in SIEM on the ELK (Elasticsearch, Logstash, Kibana) stack is a plus.
  • Professional credentials in one of the relevant IT security disciplines are a plus (SANS / CISSP / OSCP).
  • Experience in common scripting languages such as Python, PowerShell, Bash and SQL is a plus.

Personal Attributes

  • Strong problem-solving skills and good communication skills.
  • Ability to communicate in French is a plus in order to effectively communicate with French-speaking stakeholders.
  • Positive attitude, willing to upskill and carry out in-depth troubleshooting.
  • Ability to work autonomously, think on one's feet and be proactive.
  • Good interpersonal skills and team player.
  • High energy level coupled with a desire to take on responsibility.
  • Able to multi-task & deliver within agreed deadlines.