Provide leadership in cyber threat and incident management and investigation
Review, triage, analyse (including forensics), respond and recover from suspicious events and security incidents
Analyse and assess vulnerabilities, IOCs, cyber security intelligence, forensics and open source information to validate security risk and impact to The Group, and recommend appropriate countermeasures.
Perform proactive threat analysis from network traffic, user and security logs, and other relevant security data to hunt for potential adversary activity.
Keep abreast of new and emerging cyber risks, attack vectors, etc., and assess their impact.
Recommend and implement tools to enhance The Group’s breach/compromise protection and detection.
Conduct periodic vulnerability assessments, penetration tests and red/blue teaming exercises.
Conduct cyber incident response exercises and drills.
Develop and maintain cyber incident response and handling playbook for various threat scenarios.
Degree holder with a minimum of 10 years of working experience in IT, with at least 6 years of relevant cyber incident response and investigation experience.
Strong experience analysing raw log files (e.g. firewall, IDS, PCAP, system logs), performing data correlation and analytics, and using Splunk SIEM and compromise detection tools.
Experience in leading incident investigations.
Strong understanding of Windows and Unix operating systems and command line tools, network protocols, TCP/IP fundamentals, and security infrastructure.
Knowledge of technological trends and developments in the area of cyber security, risk management, threat hunting.
Scripting experience for analysis and for automating repeatable processes.
Relevant industry certifications such as CISSP, CCNA-Security, Security+, GCIH or other GIAC certifications.
Good written communication skills and the ability to effectively communicate security and risk-related concepts to technical and non-technical audiences.
Able to work independently and in a team-oriented, collaborative environment.