Responsibilities:
- Use analytical and data-visualisation tools to automate the analysis of large datasets, derive insights from them, and correlate them with the SIEM and other sources of information (such as UBA, directory services and CloudTrail logs); investigate traffic anomalies against established historical baselines to identify the root cause of an incident.
- Continuously monitor, track and close security events and requests raised by the managed SOC, by systems and by users.
- Work with the Incident Manager during incident response to minimise the impact of a security incident on the organisation.
- Enhance and drive improvements to SOC detection and response playbooks; design new security-incident playbooks, processes and operational procedures, including communication with other teams, evidence collection and other documentation.
- Use AI-driven and machine-learning tools to monitor and analyse security events in real time and to initiate triage, containment and remediation of security threats.
- Apply ethical-hacking knowledge to identify potential threats and expose vulnerabilities before malicious attackers can exploit them.
- Participate in cybersecurity exercises such as cyber ranges and BCP (business continuity planning) drills.
- Manage the renewal of maintenance contracts for cybersecurity tools.
- Provide reporting and metrics on security monitoring by designing dashboards for consumption by asset owners and management.
Qualifications:
- Minimum of three (3) years' direct information-security experience as a SOC security analyst, incident-response analyst or handler, or in a similar role, preferably with incident-management experience in a financial-institution SOC environment.
- Strong practical experience analysing logs from cyber-security tools (such as IPS, firewall, endpoint, EDR and AV) in a SIEM to identify potential security incidents and triage events.
- Strong understanding of attacks and TTPs against systems, networks and applications in on-premises and cloud environments (e.g. AWS, Azure and Google Cloud).
- Malware triage and analysis capability is an advantage.
- CEH, Certified SOC Analyst (CSA) or GIAC Certified Incident Handler (GCIH) certification is preferred.
- CISSP or a Cybersecurity Defence Analyst certification is an advantage.