Cybersecurity Incident Response Analyst

Petaling Jaya, Selangor, Malaysia

Job Description


ALBS is an Air Liquide entity in Kuala Lumpur, regrouping for the APAC scope its Business Service Centers (Kuala Lumpur and Shanghai) as well as the two Global Functions (IT, Digital and Procurement). Designed to derive optimal value by better leveraging technology, people and competencies, the ultimate goal is to boost efficiency and deliver outstanding and sustainable performance while keeping a strong focus on customer centricity. This Organization is striving for excellence, adopting the Best in Class models to deliver value through simplification and standardization of processes, while adhering to Internal controls and compliance requirements.

The CSIRT (Computer Security Incident Response Team) is responsible for the management of security incidents for the whole group. The CSIRT has offices in Paris, Houston, Radnor and Singapore.

How will you CONTRIBUTE and GROW?

The missions are:

  • Incident handling: Alert qualification: a first level of qualification is done by the L1/L2 teams of our MSSP and advanced qualification is done by CSIRT analysts before generating an incident
  • Investigation: Incidents are investigated by members of the CSIRT (L3) in coordination with the local security officers in order to define the exact scope of the incident. For each incident, the CSIRT analyst defines an action plan which aims to collect the artifacts needed on suspicious assets, replay binaries to extract the IOC (Indicator of Compromise), contact local teams of the group to obtain additional information, etc.
  • Remediation: the CSIRT analyst also defines the remediation action plan for a return to normal and pilots remediation actions with technical teams
  • Writing procedures (industrialization): CSIRT analysts enrich existing standard operating procedures (SOP) or create new ones, develop global playbooks, document the IT context of our information system, develop scripts and processes to automate activities
  • "Sanitary" actions: conduct actions to limit or eradicate inappropriate behaviors which are not malicious but generate false positives
  • User awareness: during qualification and incident handling, remind users of the group security policies and of best practices
  • Hunting: CSIRT analysts with the tools at their disposal (SIEM, IDS, PROXY, EDR) identify weak signals
  • Monitoring optimization: CSIRT analysts propose evolutions to our monitoring rules and processes
  • CSIRT tooling: the CSIRT has its own infrastructure (monitoring, malware analysis) and CSIRT analysts are involved in its maintenance and evolution by keeping it up and running, by adding new features or new tools (sandbox, scripts)

Are you a MATCH?

  • BSc / MSc with an IT security component, or similar experience
  • 5-8 years of experience in security operations (with at least 2 years in a CSIRT/CERT/SOC position)
  • Good knowledge of traditional security equipment (firewall, proxy, reverse proxy, VPN, etc.)
  • Understanding of the generated logs and security architectures.
  • Good knowledge of security issues (attacks, vulnerabilities, etc.)
  • Good knowledge of standard protocols (HTTP, FTP, DNS, SSL, etc.)
  • Good knowledge of Windows / Linux architectures
  • Knowledge of AWS security and/or industrial IT security would be a plus
  • Excellent communication skills (oral and written)

About Air Liquide

A world leader in gases, technologies and services for Industry and Health, Air Liquide is present in 78 countries with approximately 64,500 employees and serves more than 3.8 million customers and patients. Oxygen, nitrogen and hydrogen are essential small molecules for life, matter and energy. They embody Air Liquide's scientific territory and have been at the core of the company's activities since its creation in 1902.

Our Differences make our Performance

At Air Liquide, we are committed to building a diverse and inclusive workplace that embraces the diversity of our employees, our customers, patients, community stakeholders and cultures across the world.

We welcome and consider applications from all qualified applicants, regardless of their background. We strongly believe a diverse organization opens up opportunities for people to express their talent, both individually and collectively and it helps foster our ability to innovate by living our fundamentals, acting for our success and creating an engaging environment in a changing world.

Air Liquide

Job Detail

  • Job Id
    JD975105
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Petaling Jaya, Selangor, Malaysia
  • Education
    Not mentioned