Lead/engineer (Cloud, Incident Response and Threat

**What the role is**
- The job holder will design the security monitoring capabilities and activities to be carried out in the security ops centre (SOC), manage the activities in a cybersecurity ops centre, investigate cyber security events, cyber threat management and perform incident response / remediation for MSOC operations.
LI-ZL1

**What you will be working on**
- He/she is responsible for the following:
Cloud Deployment
- Take charge of design and deployment of security and monitoring capabilities for apps deployed in the enterprise cloud.
- Work with key stakeholders (internal and external) to elicit, scope and manage the requirements for cybersecurity monitoring of enterprise cloud.
- Develop solutions that can integrate with existing cybersecurity monitoring system.
- Manage the vendors to develop and deliver the solution.
- Work closely with project team to identify and manage risks to the project and to recommend mitigating measures.

Incident Response
- Take charge of incidents or suspected incidents assigned by the Ops cluster and work towards establishing the Confidentiality, Integrity and Availability (CIA Triangle) of information systems and data in MHA.
- Perform incident triage / remediation and threat management activities in co-ordination with various Security Incident Response Officers (SIROs) across MHA Home Team Departments.
- Collaborate with other cyber incident response agencies such as National Cyber Security Centre (NCSC), Government IT Security Incident Response (GITSIR) & Cyber-Watch Centre (CWC) to ensure proper incident closure and reporting to internal and external stakeholders.
- Review and update the MHA Security Incident Response Plan (SIRP) and incident response framework in consultation with various cybersecurity stakeholders across MHA Home Team Departments.

Managing SOC Operations
- Assist Head (Cybersecurity Operations) in managing a team Tier 1 & 2 analysts in MSOC Operations Room, in matters of manpower, training and operation issues.
- Stay abreast of emerging security threats, vulnerabilities and controls.
- Develop a threat management programme for MSOC operations, which may include trials with analytics tools, collaboration with other HTX teams on proof-of-concept projects, processing cyber-intel reports from OSINT and Government sources, etc.
- Review existing monitoring rules to respond to evolving cyber threats.
- Review SOP documents to ensure the effective and efficient monitoring operations of the SOC.

**What we are looking for**
- Tertiary qualification in Computer Science, Electronics Engineering or IT equivalent education and experience, preferably with advanced technical credentials.
- At least 2 years’ work experience in cyber-security and threat Intelligence related area preferably in large mission critical environment (e.g. Critical infrastructure systems), with experience in team management.
- Technical sound familiarity with predominant public cloud providers (AWS, Azure, GCP).
- At least 2 years of demonstrated work experience within private, public or hybrid clouds.
- Understanding of Industry trends in cloud technologies for private, public and hybrid cloud deployments.
- Certifications in CISSP, CCSP, GCIH or GSEC are preferred.
- Government Home Team Ops knowledge and good understanding of their systems & networks are preferred.
- Strong effective communications skills.
- Good time management and organizational skills.
- Strong troubleshooting and problem solving skills.
- A team player with the ability to work autonomously.

All new appointees will be appointed on a two-year contract in the first instance.