QUESSCORP SINGAPORE PTE. LTD., Singapore
• Analyst would be part of 24x7 Cyber Security Operations function to perform security monitoring and incident response, data loss prevention, vulnerability management, threat intelligence and threat hunting.
• Monitor third-party security feeds, forums, and mailing lists to gather information related to the client through automated means.
• Produce intelligence outputs that give an accurate picture of the current threat landscape and associated risk, drawing on customer, community, and open-source reporting.
• Produce actionable intelligence for delivery to colleagues and customers in the form of technical reports, briefings, and data feeds.
• Perform monitoring, research, assessment and analysis on alerts from various security tools, including IDPS tools, SIEM, Anomaly detection systems, firewalls, antivirus systems, user behaviour analytics tools, endpoint inspection, and proxy devices.
• Follow pre-defined actions to investigate possible security incidents or... perform incident response actions, including escalating to other support groups.
• Maintain standard operating procedures (SOPs), processes and guidelines.
• Manage threat intelligence function encompassing threat intelligence feeds data collection, adversary analysis, cyber attribution capabilities and disseminating threat intelligence.
• Ensure proper functioning of systems in the Security Operations Centre.
• Enhance and build cyber threat detection use cases and assist in analysing and reducing false positives.
• Work with internal experts/external vendors to resolve technical issues.
• Prepare Incident Reports on high severity incidents.
• Support the development and enhancement of SOC incident response capabilities.
• Build and lead enhancements on incident response life cycle, security tools, SOAR playbook, IR runbooks and security processes for daily security operations.
• Diploma/Degree in Information Systems/Information Security from a recognized institution. Strong knowledge of TCP/IP, networking, operating systems and cyber security concepts.
• Strong experience with and understanding of firewalls, antivirus and endpoint detection.
• Good working knowledge of Linux, including the ability to run commands, edit files and write scripts.
• Knowledge of commonly accepted information security principles and practices, as well as the techniques attackers use to identify vulnerabilities, gain unauthorized access, escalate privileges and access restricted information.
• Solid understanding of SIEM concepts such as correlation, aggregation, normalization, and parsing is preferred.
• Hands-on experience with any major SIEM technology (e.g. Splunk, QRadar, ArcSight, LogRhythm) is an advantage.
• Solid understanding of threats reported by data sources such as IDS/IPS, AV, HIDS/HIPS, WAFs, firewalls, and web proxies.
Senior Information Security Data Analyst - Contract (Singapore)