Threat & Vulnerability Analyst

**Location**

Singapore, Central Singapore

**Job Type**

Permanent

**Salary**

$7,500 - $15,000 Per Month

**Date Posted**

8 minutes ago

Additional Details

**Job ID**

49525

**Job Views**

2

**Job Description**:
Roles & Responsibilities

**It’s Time**

Allen & Overy is a leading global law firm operating in over thirty countries. By turning our insight, technology and talent into ground-breaking solutions, we’ve earned a place at the forefront of our industry. Our lawyers are leaders in their field - and the same goes for our support teams. Ambitious, driven and open to fresh perspectives, we find innovative new ways to deliver our services and maintain our reputation for excellence, in all that we do.

The nature of law is changing and with that change brings unique opportunities. With our collaborative working culture, flexibility, and a commitment to your progress, we build rewarding careers. By joining our global team, you are supported by colleagues from around the world. If you’re ready for a new challenge, it’s time to seize the opportunity.

**Department purpose**

The Global Information Security & IT Risk team is responsible for setting the firm wide strategy for Information Security and changing, managing and maintaining controls to ensure continuous alignment with the strategy. The team must deliver and support robust, reliable, cyber and information security controls 24x7x365 on a global basis.

The Information Security & IT Risk team is responsible for primary controls assurance, client compliance and security requirements and security controls definition. In addition the team is also responsible for tracking obvious and far less obvious threats and vulnerabilities to ensure the protection of client data and the firms digital services, information and data remains robust even as the threat environment constantly evolves.

**Role purpose**

The Threat and Vulnerability Analyst (Singapore) is a member of the Global Information Security Operations team.

The job is focused on six outcomes:

- Deliver vulnerability analysis services support the Snr Threat and Vulnerability Analyst and the wider Security operations team by gathering, analysing and prioritising vulnerability data across the estate using vulnerability scanners (CVE scanners), pen test tools and services and network scanning capabilities.
- Conduct risk and threat assessments document risk and threat analysis when detailed analysis of a vulnerability or threat is required. Share analysis with the Snr Threat and Vulnerability Analyst and wider global security operations team.
- Maintain the vulnerability register support the Snr Threat and Vulnerability Analyst by sharing relevant vulnerability and threat data whilst updating the threat and vulnerability registers when asked to do so. Work closely with threat intelligence providers to regularly keep up to date with changes in the threat environment our firm, the legal services industry and our supply chain.
- Globalise the InfoSec incident response process by a) Monitoring the main InfoSec mailbox and ticket queue during local business hours b) Initiating and managing the InfoSec incident response process when a suspect incident occurs in local business hours c) Collaborating with InfoSec colleagues in Europe and North America to ensure that priority tasks and issues are adopted and handed over at the opening and closure of local business operations.
**Key relationships**
- Works closely with the Senior Threat and Vulnerability analyst (Singapore) sharing vulnerability and threat intelligence and the Manager Security Operations (Belfast).
- Works closely with the Security Logging & SIEM Snr Analyst (Belfast).
- Maintain a close working relationship with the IT Service patching teams globally.
- Maintain a good relationship with the Manager Security Operations (Belfast).
- Maintain a good relationship with the Lead Security Assurance Architect (London).
**Job description**

Role and responsibilities
- Deliver vulnerability analysis services.
- Conduct and document risk and threat assessments.
Find back doors and miss-direct attackers.
- Promote the adoption and use of the MITRE and STRIDE frameworks across global Security Operations team globally. Demonstrate by example the efficacy of MITRE and STRIDE.

Team
- Security operations staff (Singapore) (3 currently) of which this role will be a team member.
**Key requirements**
- Demonstrate experience of IT security and IT infrastructure security, security vulnerability management and cyber incident response.
- Possess relevant vocational qualifications (CISSP / CISM / CEH for example).
- Be familiar with log analysis and data analysis tool like ELK and be able to leverage such tools to accelerate the analysis of a suspect security incident.
- Demonstrate energy and tenacity and the ability to delivery threat and vulnerability analysis in time critical and sometimes demanding situations.
- Be able to communicate well visually