Information Technology - Cyber Security Lead (Threat Management and Incident Response)
You will be responsible for the
- Provide leadership in cyber threat and incident management and investigation.
- Oversee daily IT Security operations while actively monitoring emerging threats and security technologies.
- Manage the internal security operations team and external security service providers.
- Work with internal stakeholders such as the applications, network and systems teams for investigations.
- Take on the role of Cyber Incident Response Team (CIRT) manager.
- Review, triage, analyse (including forensics), respond to and recover from suspicious events and security incidents.
- Analyse and assess vulnerabilities, IOCs, cyber security intelligence, forensics and open source information to validate security risk and impact to SIA Group and recommend appropriate countermeasures.
- Perform proactive threat analysis from network traffic, user and security logs, and other relevant security data to hunt for potential adversary activity.
- Keep abreast of new and emerging cyber risks, attack vectors, etc., and assess their impact to SIA.
- Produce metrics and develop dashboards to identify potential threats, suspicious/anomalous activity, malware, etc.
- Recommend and implement tools to enhance SIA Group’s detection, response and recovery functions.
- Conduct cyber incident response and red/blue teaming exercises and drills to ensure response times and procedures are acceptable.
- Develop and maintain cyber incident response and handling playbooks for various threat scenarios.
- Degree holder with minimum 10 years of working experience in IT with at least 6 years relevant cyber incident response and investigation experience.
- Strong experience analysing raw log files (e.g. firewall, IDS, PCAP, system logs), performing data correlation and analytics, and using Splunk SIEM and compromise detection tools.
- Strong understanding of Windows and Unix operating systems and command line tools, network protocols, TCP/IP fundamentals, and security infrastructure.
- In-depth knowledge of cyber kill chain/MITRE ATT&CK framework, threat vectors, risk management, incident management, etc.
- Knowledge of technological trends and developments in the area of cyber security, risk management, threat hunting.
- Relevant industry certifications such as CISSP, CISM, OSCP, GCIH.
- Good writing skills and able to effectively communicate security and risk-related concepts to technical and non-technical audiences.
- Able to work independently and in a team-oriented, collaborative environment.