
Information Technology - Cyber Security Lead (Threat Management and Incident Response)

Job Description

You will be responsible for the following:

  • Provide leadership in cyber threat and incident management and investigation.
  • Oversee daily IT security operations while actively monitoring emerging threats and security technologies.
  • Manage the internal security operations team and external security service providers.
  • Work with internal stakeholders such as the applications, network and systems teams on investigations.
  • Take on the role of Cyber Incident Response Team (CIRT) manager.
  • Review, triage, analyse (including forensics), respond to and recover from suspicious events and security incidents.
  • Analyse and assess vulnerabilities, IOCs, cyber threat intelligence, forensic evidence and open source information to validate security risk and impact to SIA Group, and recommend appropriate countermeasures.
  • Perform proactive threat analysis from network traffic, user and security logs, and other relevant security data to hunt for potential adversary activity.
  • Keep abreast of new and emerging cyber risks, attack vectors, etc., and assess their impact to SIA.
  • Produce metrics and develop dashboards to identify potential threats, suspicious/anomalous activity, malware, etc.
  • Recommend and implement tools to enhance SIA Group’s detection, response and recovery functions.
  • Conduct cyber incident response and red/blue team exercises and drills to ensure that response times and procedures are acceptable.
  • Develop and maintain cyber incident response and handling playbooks for various threat scenarios.

Requirements

  • Degree holder with minimum 10 years of working experience in IT with at least 6 years relevant cyber incident response and investigation experience.
  • Strong experience analysing raw log files (e.g. firewall, IDS, PCAP, system logs), performing data correlation and analytics, and using Splunk SIEM and compromise detection tools.
  • Strong understanding of Windows and Unix operating systems and command line tools, network protocols, TCP/IP fundamentals, and security infrastructure.
  • In-depth knowledge of cyber kill chain/MITRE ATT&CK framework, threat vectors, risk management, incident management, etc.
  • Knowledge of technological trends and developments in cyber security, risk management and threat hunting.
  • Relevant industry certifications such as CISSP, CISM, OSCP, GCIH.
  • Good writing skills and able to communicate security and risk-related concepts effectively to technical and non-technical audiences.
  • Able to work independently and in a team-oriented, collaborative environment.