Job Title: Senior Cybersecurity Incident Response Specialist
Job Description:
The candidate will report to the Team Leader of the Incident Response Team and will plan and oversee the security response to incidents in the StarHub environment. He/she will present cyber-incident reports to senior leaders.
The candidate will identify and define cyber threats and their root causes, propose mitigation techniques and countermeasures, and develop cyber security solutions to prevent future attacks. The candidate will develop and implement cyber incident response strategies.
The candidate is required to be on standby with on-call availability, including varied shifts covering nights, weekends and holidays.
The candidate is required to be familiar with industry cyber security standards, protocols and frameworks, and to have good working knowledge of the cyber security tools and techniques used to handle security incidents.
Responsibilities:
1. Develop and implement cyber incident response strategy
- Develop approaches to combat cyber threats and mitigate risks to information systems assets.
- Develop contingency and disaster recovery plans tailored specifically for every security incident.
- Establish incident response policies and standards for the organisation.
- Advise senior management on major information security-related risks and cyber incident response strategies.
- Ideate and recommend detection use cases for the latest attack techniques.
- Work closely with the other teams within the security function to build an effective and proactive detection and response capability.
2. Manage cyber security incidents
- Communicate and escalate security activities to the leadership.
- Handle responses to cyber security incidents.
- Lead the recovery of contained cyber security incidents, following established processes and policies.
- Utilize appropriate cyber incident management techniques to resolve challenges.
- Investigate security incidents, including malware analysis and forensic analysis.
- Research, enrich and qualify potential threats using threat intelligence.
- Good hands-on experience with the following classes of security tooling: SIEM (e.g. QRadar, Splunk), EDR, NDR, web proxy, WAF, email security gateway, identity and access management, etc.
3. Oversee cyber threat analysis
- Collect, analyze and store cyber threat intelligence information.
- Analyze past cyber-attacks to draw insights and implications on the organization.
- Recommend ways to enhance the resilience and security of IT systems.
- Propose mitigation techniques and countermeasures to ensure cyber threats are kept at a minimum.
Qualifications
Bachelor's degree in computer science or a related field. Minimum 3 to 7 years' experience, primarily in cyber incident response.
Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), GIAC Continuous Monitoring Certification (GMON), Global Industrial Cyber Security Professional (GICSP), GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA) or other similar credentials.
Experiences in following areas would be preferred:
1. Cyber Forensics
- Develop a digital forensic investigation plan, and integrate analysis of evidence, outlining key conclusions, insights and recommendations.
- Experience with one or more scripting languages (PowerShell, Python, Bash, etc).
2. Cyber and Data Breach Incident Management
- Develop incident management procedures and synthesise incident-related analyses to distil key insights, resolve incidents and establish mitigating and preventive solutions.
- Minimum 2-3 years of Information Security or Incident Response related experience.
3. Cyber Risk Management
- Assess and direct enhancements to cyber risk assessment techniques, and develop strategies to address cyber security gaps.
4. Security Assessment and Testing
- Design security testing plan, and perform advanced, authorised penetration testing as well as intelligence analysis on cyber-attack incidents.
5. Stakeholder Management
- Serve as the organisation's main contact point for stakeholder communications, clarifying responsibilities among stakeholders, and engaging them to align expectations.
6. Threat Analysis and Defense
- Examine malicious threat behaviour and capabilities, and circumvent anti-analysis mechanisms, recommending techniques to block malicious code and attacks.
- Experience analysing system and application logs to investigate security issues and/or complex operational issues. Hands-on experience with a SIEM, Elasticsearch/Logstash/Kibana (ELK), User and Entity Behaviour Analytics (UEBA) and/or a log management solution, and competence in log analysis, data correlation, etc.
7. Threat Intelligence and Detection
- Develop strategies to monitor threats and project future technical cyber threat scenarios and present mission reports to key stakeholders.
8. General knowledge of mainstream operating systems (Windows, Linux, etc.), network protocols, security infrastructure, etc.
- Good knowledge of one or more of the following: Windows/Active Directory, the Windows file system, registry and memory artefacts; Unix/Linux file systems and memory artefacts; macOS file systems and memory artefacts; TCP/IP communications and how common protocols and applications work at the network level, including DNS, HTTP and SMB.