As a Cyber Threat (SOC) Engineer, you will use various cyber defense tools (e.g., intrusion detection, firewalls, system logs) to monitor and analyze events within the company's environment. You’ll ensure effective 24x7 monitoring of both internal and external sources to identify security threats and assess incidents for escalation. Familiarity with Cyber Security Act 2018, Cybersecurity Code of Practice, and MAS guidelines is required.
Key Responsibilities:
- Continuously monitor and analyze system activities to detect threats and vulnerabilities.
- Review and improve monitoring operations for relevance and adequacy.
- Develop scripts, fine-tune SIEM rules, and automate processes to enhance threat detection and response.
- Identify and prioritize security weaknesses, collaborating with IT teams to remediate vulnerabilities.
- Actively hunt for Indicators of Compromise (IOCs) and analyze threat actor tactics (TTPs).
- Respond to escalated security incidents, supporting 24x7 monitoring, response, and reporting.
- Conduct forensic investigations, analyzing data and digital evidence.
- Prepare detailed incident reports with technical analysis and remediation recommendations.
Requirements:
- Degree/Diploma in Computer Science, Computer Engineering, or Information Security.
- 5+ years’ experience in SOC or CERT/CIRT, with strong knowledge of SIEM/SOAR and defense solutions.
- Familiarity with MAS guidelines, Cyber Hygiene Notice, and Cybersecurity Code of Practice.
- Proficiency in using network tools (ping, traceroute, nslookup).
- Experience with OWASP Top 10, CVSS, MITRE ATT&CK, and DevSecOps.
- Strong knowledge of Microsoft, UNIX, and Linux environments, and network communications.
- Experience with incident response methodologies and scripting (Python, Bash, PowerShell) is a plus.
- Certifications like GSEC, GCIH, GCIA, or similar are advantageous.
- Strong problem-solving, communication, and presentation skills.
