Job Duties:
• Perform real-time analysis and trending of security log data from various security devices and systems.
• Maintain data sources feeding the log monitoring system, develop and maintain detection and alerting rules.
• Respond to user incident reports and evaluate the type and severity of security events.
• Execute initial triage of incidents to rule out false positives.
• Identify recurring security issues and risks, develop mitigation plans and recommend process improvements.
• Interpret and apply security policies and procedures.
• Establish escalation processes for security incidents and develop contingency plans and disaster recovery procedures.
Job Requirements:
- Good knowledge of IT security controls and patch management, and involvement in the operation of enterprise ICT infrastructure.
- Working experience with SIEM, EDR, WAF, DAM, IPS/IDS and anti-malware systems, including rule fine-tuning and whitelisting.
- Experience in SIEM use case creation, log source enablement, and automation with SOAR.
- Threat hunting and analysis of spoofed emails.
- Experience with security practices for Internet, intranet, WAN and cloud networks.
- Good knowledge of network architecture and Windows/Linux OS fundamentals, e.g. IP addressing, AD, DNS, DHCP, IIS, MSSQL and SFTP.
Knowledge in the following areas will be an added advantage:
- Must have working experience in a security operations centre, and in ICT project implementation and support.
- Must have hands-on practical experience in configuring and monitoring security systems, including SIEM, EDR, WAF, DAM, anti-malware, log management systems, intrusion prevention/detection systems, security patch management and security incident response.
- Experience with IM8 compliance or other cyber security frameworks, e.g. NIST, ISO 27001, CIS. Experience in Windows/Linux hardening. Security testing knowledge or certification in vulnerability assessment, penetration testing and source code review will be a strong advantage.