Senior Security Analyst - L4RV4XX5
Kuala Lumpur , Kuala Lumpur
Created Wed, 25 May 2022
Job Responsibilities:
- Work in 24x7 shift to handle security incidents and provide level two (L2) support during analysis & investigations to identify the root cause.
- Escalate critical incidents to CSIRT team, for further analysis & investigations, and demonstrate excellent collaboration skills for timely resolution to minimize impact to customers.
- Provide detailed remediation recommendation to customers for the incidents within agreed SLAs, and if required assist them during remediation implementation
- Go that extra mile to proactively work with customer to build threat detection use cases, minimize incident noise, develop correlation logic and enable junior regional analysts to focus on critical incidents.
- Review 3rd party threat intel feeds and integrate them into MSS platforms to provide value to our customers.
- Prepare SOC monthly reports, which includes customization based on business requirements and present them to customers during monthly meetings, highlighting risks and mitigation plans.
- Lead new customer deployments by working closely with customer, regional onsite teams and relevant stakeholders during build phase, and take end-end responsibility for smooth go-live.
- Identify gaps in existing SOC process and work with team members or other departments to create, modify standard operating procedures, to automate any mundane daily operational activities, ensuring Ops are run efficiently.
- Enable regional security analysts to deliver seamless L1 support locally by developing SOC playbooks, relevant and sufficient Knowledge base.
- If required assist sales team to help pitch MSS offerings, drive proof-of-concepts and demo MSS services at technology events, to show value of the service offerings to prospect customers.
- Lead and manage junior analysts in handling incidents, day-day operations, SLA requirements, and customer requests
- Go that extra mile to proactively work with customer to build threat detection use cases, minimize incident noise, develop correlation logic and enable junior regional analysts to focus on critical incidents.
- Review 3rd party threat intel feeds and integrate them into MSS platforms to provide value to our customers.
- Prepare SOC monthly reports, which includes customization based on business requirements and present them to customers during monthly meetings, highlighting risks and mitigation plans.
- Lead new customer deployments by working closely with customer, regional onsite teams and relevant stakeholders during build phase, and take end-end responsibility for smooth go-live.
- Identify gaps in existing SOC process and work with team members or other departments to create, modify standard operating procedures, to automate any mundane daily operational activities, ensuring Ops are run efficiently.
- Enable regional security analysts to deliver seamless L1 support locally by developing SOC playbooks, relevant and sufficient Knowledge base.
- If required assist sales team to help pitch MSS offerings, drive proof-of-concepts and demo MSS services at technology events, to show value of the service offerings to prospect customers.
- Lead and manage junior analysts in handling incidents, day-day operations, SLA requirements, and customer requests
2.0 Required Qualifications:
- Essential
- Candidate should have at least 8 years of experience working in SOC and MSS environments, with a Bachelor’s degree in Computer Science/IT/Information security.
- Excellent hands on experience in implementations, incident analysis of IBM QRadar, Alienvault SIEM technologies and should hold relevant vendor certifications.
- Hands on experience on any Endpoint Protection (EPP) or Endpoint Detection Response (EDR) technologies. Preferred if CrowdStrike, Cisco AMP for endpoint.
- Hands on experience on email security solutions. Preferred if that is on Cisco Email Solutions.
- Exposure to firewall technologies such as Cisco, Palo Alto, Checkpoint, Fortinet.
- Good understanding of WIN, LINUX environments and well versed with basic LINUX commands and troubleshooting, with a proven Unix (Solaris, Linux, BSD) experience.
- Knowledge on any shell scripting language, and to apply them to automate mundane operations tasks.
- Candidate should have at least one SANS certification. Preferred if that is GCIH
- Good understanding of basic network concepts and advantage if exposure to cloud technologies.
- Lateral thinking combined with excellent troubleshooting skills, preferably with experience following ITIL standards
- Excellent soft skills in English and advantage if can speak Mandarin.
- Desirable
- Advantage if have hands on experience in performing vulnerability assessments and presenting to customer business teams
- Experience in penetration testing and report drafting
- Experience in Forensics and Incident Response
- Lead team of security analysts, develop SOC standard operating procedures and develop Threat Intel feeds.
- Having experience in security standards viz., ISO 27001:2013, NIST, CIS etc