The Mercedes-Benz Group AG CISO heads Mercedes-Benz’s Global Cyber Security Department (based in Stuttgart, Germany). The Cyber Intelligence and Response Centre (CIRC) is responsible for providing an intelligence-driven approach to Digital Forensics and Incident Response (DFIR). The CIRC is a 24 by 7, follow-the-sun operation with counterparts in EMEA and NAFTA. It provides holistic support for incident management affecting our global Mercedes-Benz assets and works closely with our threat intelligence team to monitor our global threat landscape.
Role and Responsibilities:
- Conduct technical analysis and triage of alerts ingested from Mercedes-Benz log sources to determine the impact and its scope, and to determine corresponding remedial actions to mitigate, contain and/or otherwise limit the impact of the incident
- Analyzing, triaging and processing security threats to identify potential risk gaps and corresponding organizational impact by conducting in-depth analysis of the identified threat, attack vector or intelligence information
- Working closely with the CIRC threat intelligence team to aid in the enhancement of contextual analysis and providing threat hunting support towards Open Source Intelligence (OSINT) related Indicators of Compromise (IoCs)
- Acting as a point of contact for Mercedes-Benz end users and stakeholders, providing cybersecurity incident updates and handling other related activities that might arise from time to time during incident coordination, remediation and recovery
- Provide duty analyst support for the CIRC operations during weekends, following a pre-defined duty roster, to ensure continued operations and monitoring of threats and triggering alerts under the 24 by 7, follow-the-sun model
- Provide project coordination support for projects assigned by the Head of Global Defensive Operations, covering rollout and implementation, and act as the point of contact for local stakeholders on the implementation and coordination of the assigned projects
- Provide technical input to the virtual teams as assigned by the Head of Global Defensive Operations on operational direction, method determination and other related administrative support required from time to time
Education and Certifications:
- Degree from a reputable university or significant course work in Computer Science, Networking, Engineering or other computer-related fields of study
- One or more of the following professional certifications is beneficial: CISSP, GCIH or similar
Technical Skills:
- Experience with Threat Hunting techniques (endpoint and network data)
- Strong understanding of attack lifecycle and common attack vectors, tools and techniques
- Ability to leverage existing data to identify anomalies / IOA / TTP
- Ability to develop / maintain detection/prevention use cases
- Proficient understanding of cyber and IT security risks, threats and prevention measures
- Good understanding of Threat Intelligence utilization towards incident response
- Good knowledge of security standards and best practices
- Good understanding of various operating systems
- Good understanding of the Cyber Kill Chain and the ability to display clear analytical skills
- Previous experience in a corporate or enterprise environment, engaging with and responding to a diverse array of internal stakeholders, including senior management
- Knowledge of Microsoft Office suite (Word, Excel, PowerPoint and Access)
- SIEM (Splunk ES) and EDR (CrowdStrike) experience
Good to have the following experience:
- Experience in leveraging AI / ML for Threat Hunting
- Experience with OT / ICS and Cloud environments
- Experience working with threat intelligence platforms and premium intelligence sources/feeds
Experience:
- Has good emotional intelligence and is a proven team player
- Rational and calm under pressure
- Fluency in the English Language
- Strong report writing and communication skills
- Good timekeeping, with the ability to cope with tight deadlines and achieve operational objectives
- Self-motivated with the ability to carry out assigned tasks with minimum supervision
This position is based in Singapore. A valid and approved work visa is required for employment in Singapore in accordance with local labour law regulations. We regret to inform you that only shortlisted candidates will be notified.