Roles/Responsibilities:
· Design, build, and operate advanced proactive threat detection capabilities against sophisticated and stealthy cyber threats.
· Monitor and analyse cyber intrusion activities, as well as assist in isolating and mitigating active cyber threats.
· Perform malware analysis in support of cyber investigations, perform root cause analysis, and contribute towards efforts to close a cybersecurity incident.
· Independently analyse potential malware samples using static and dynamic malware analysis tools/techniques to identify malware behaviour and purpose, as well as extract indicators of compromise.
· Collaborate with threat intelligence analysts to perform further threat analysis, and correlate malware samples found with possible threat actors.
· Collaborate with threat detection engineers to create detection models to identify and neutralise similar malware/threat activities in our environment, as well as update the knowledge base.
· Document investigation findings clearly and concisely.
· Develop/review threat detection and malware analysis SOPs/playbooks.
· Keep up-to-date with the latest threat actor Tactics, Techniques and Procedures (TTPs).
· Maintain the malware analysis and reverse engineering lab environment.
· Track and analyse threat/malware-related cybersecurity metrics for optimal effectiveness, benchmarking, and management reporting.
Requirements/Qualifications:
· At least 10 years of hands-on technical cybersecurity experience with demonstrable skillsets in threat hunting, malware analysis, threat intelligence, incident response, and/or other technical investigation roles.
· Self-motivated and detail-oriented, with strong analytical and investigative skills.
· Able to remain calm under pressure.
· Good collaborative and communication skills.
· Familiar with the Cyber Kill Chain, MITRE ATT&CK Framework, NIST Cybersecurity Framework (CSF), and other cybersecurity frameworks.
· Familiar with the latest APT TTPs.
· Familiar with malware behaviours, such as different types of injection, registry persistence, etc.
· Able to overcome different types of obfuscation, encoding, and encryption.
· Able to reverse 64-bit malware, C++ binaries, and other types of malware.
· Able to intercept and analyse network traffic to derive additional insights and indicators of compromise from malware samples.
· Diploma/degree in cybersecurity or a related field.
· Technical cybersecurity certifications (e.g. GCIA, GCFA, GNFA, GREM, OSCP, etc) will be an advantage.
