Intern - Associate Soar Engineer

**Introduction**

Our Company is an innovative, global healthcare leader committed to improving health and well-being in 140 countries around the world. Our product categories include heart and respiratory health, diabetes, infectious diseases, oncology and women's health. We continue to focus our research on conditions that affect millions of people around the world - diseases like Alzheimer's, Diabetes and Cancer - while further expanding our strengths in areas such as vaccines and biologics. We aspire to be the best healthcare company in the world and provide innovative solutions for tomorrow.

**Our Singapore IT Hub**

Established in 2015, our Company’s Singapore IT Hub aims to harness digital solutions for better business outcomes. One of its key focuses is in using analytics and data science to guide better decision-making.

Home to more than 300 employees with over 20 nationalities, the Singapore IT Hub is part of a global network, with sister hubs located in the United States and Czech Republic. In Singapore, the hub houses a wide span of IT capabilities teams ranging from Data Science, Software Engineering, Cybersecurity & Risk Management to Enterprise Platforms and many more. Across Japan, China and the Asia Pacific region, the hub works closely with colleagues from all divisions of the company to drive our core business.

**The Department**

As part of the IT Risk Management & Security organization, our Cyber Fusion Centre is an intelligence-driven security operation centre which combines threat intelligence with various security functions such as incident response, threat hunting, and vulnerability management among others into a single connected unit to comprehensively identify, manage, and respond to all security threats.

As part of the Information Technology Risk Management and Security’s Cyber Fusion Centre, we are looking for a new member of our Incident Response team.

Job Responsibilities:

- Work closely with SOAR product owner and CFC team to implement and deploy SOAR solutions to improve existing automation and deliver resilient security solutions.
- Assess, design, and improve CFC processes and workflows with a focus on integrating automation through SOAR tools and technologies.
- Assist with review of CFC workflows to determine readiness of data sources and integration points.
- Assist with scoping and identification of playbooks for implementation phase.
- Assist with identification of metrics needed for SOAR playbooks.
- Assist with developing a metrics-based dashboard using widgets and data available to build dashboards within SOAR product.
- Assist with developing and implementing testing strategies and documenting results.
- Develop documentations for automation use cases with assistance of SOAR product owner using Jira and Confluence.

Capstone project details: any two or three of the below automation assignments:
1) Monitoring of 3rd party suppliers against ransomware targets.
- Ingest list of ransomware victims from ISACs and flag 3rd parties with Merck relationships.
- Removal of manual verification processes.
- Increase speed in identifying compromised 3rd parties with risk of infection to Merck.

2) Isolate endpoint when credential dumping is detected
- Eliminate multi-steps process required to isolate machine
- Create an end-to-end automation of when leaked credentials are discovered and reduce time from receipt to validation to password change requests.

3) BAS Attack IQ findings correlation
- Correlation and mapping of findings against Attack IQ and MITRE framework manual tests.
- Allow gaps in testing to be seen quickly without manual aggregation of results

4) Cloud Forensic Imaging
- Automate forensic imaging of AWS data and Azure resource
- Increase accurate & timely data representation when examining cloud data or instances.

5) Privilege Escalation Respond
- Verify intent of group owners when elevating privileges to administrator
- Notify group owners immediately once elevation is detected.
- Automate closure for legitimate requests.

6) Isolate infected host on infection alert
- Isolate infected host on infection alert, update AV signatures, and run a full in-depth scan.
- Collect running processes, open ports by process, registry extract, memory dump, extract other security logs for IR investigation purpose.
- Reduce threat actor’s dwell time.
- Reduce manual work and improve IR response time.

Job Requirements:
**Requirements**:

- Education: Pursuing a BS in Information Security or Computer Science.
- Understanding of basic cybersecurity concepts and notions.

Capstone Project Briefing

A Capstone project will be discussed, scoped and offered to the student upon joining.

**Search Firm Representatives Please Read Carefully**

**Employee Status**:
Intern/Co-op (Fixed Term)

**Relocation**:
No relocation

**VISA Sponsorship**:
**Travel Requirements**:
**Flexible Work Arrangements**:
**Shift**:
**Valid Driving License**:
**Hazardous Material(s)**:
**Number