Senior Cyber Security Incident Responder

  • Sector: LMA Asia Technology
  • Contact: Cindy Nguyen
  • Contact Email: cindy.nguyen@lmarecruitment.asia
  • Client: LMA
  • Location: Singapore
  • Salary: Up to S$15000 per month
  • Expiry Date: 19 May 2022
  • Job Ref: BBBH370267_1645153563

Our client is a prominent Technology and Software company utilised by Multinational organisations across the globe.

Summary:
You will be an Investigator for their Global Security Operations team and part of a global team of security practitioners working to mature our client's security. You will be located in Singapore, one of the global security hubs, and will report directly to the Head of Security Operations APJ. The main work will be to develop the SOC and DFIR functions as well as to conduct and lead investigations and analysis.
This role will have the opportunity to work within Global Security functions and to interact in a complex and challenging environment to detect, react to and remediate cyber security incidents, as well as to drive detection use case development forward.

The Role:

    • Conducts investigations and forensics on internal and cloud assets for the organisation and its line of businesses
    • Leads incidents of local and regional scale, sets investigation goals, and prioritises tasks
    • Drives continuous improvement and increases efficiency through standardization and automation
    • Works independently and with management on highly visible and complex projects
    • Contributes to major, global scale incidents and crisis situations by conducting analysis and writing summaries or reports
    • Designs, implements, and verifies new detection mechanisms and queries
    • Mentors analysts and helps develop skills
    • Is part of a 24/7 follow-the-sun organisation
Requirements:

    • Degree in Computer Science or equivalent experience
    • Experience working in a 24/7 operational environment (Cyber Intelligence Fusion Center, SOC, NOC, Operations Center). Has Security certification (e.g., Security+, GCIA, GCIH, CISSP)
    • Knowledge in creation and maintenance of detection use cases and design of playbooks
    • Experience managing cases with enterprise SIEM or Incident Management systems (Information Security, Information Systems, Engineering, or related work experience)
    • Technology: Good knowledge of one or more of the following: Windows/AD file system, registry functions and memory artifacts, Unix/Linux file systems and memory artifacts, Mac file systems and memory artifacts, Cybersecurity automation, SIEM tools (Splunk, Loggly, Sumo Logic, LogZilla, jKool, QRadar)
    • TCP/IP communications & knowledge of how common protocols and applications work at the network level, including DNS, HTTP(S), SSH, RDP and SMB
    • Experience in network security and network systems including LANs/WANs/VPNs/firewalls and IDSs
    • Experience with one or more scripting languages (PowerShell, Python, Bash, etc.)
    • Knowledge of APT actors and their tools, techniques, and procedures (TTPs), including TTP methods and frameworks
    • Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, and solution orientation and to learn and adapt quickly
    • Ability to summarise and communicate findings and issues concisely and clearly.
Company Reg. No.: 201131609D | Licence No.: 11C4684 | EA Reg No.: R1440978