Executive, Digital Forensics & Incident Response

Kuala Lumpur, M14, MY, Malaysia

Job Description

Responsibilities
  • Develop and maintain honeypots and supporting infrastructure, and act as SME on honeypots and honeypot infrastructure.
  • Develop and maintain threat analysis lab virtual machines, cyber ranges and supporting infrastructure, and act as SME on lab machines and supporting infrastructure.
  • Develop and maintain open source or in-house tools, scripts, automation and systems as needed to support threat intelligence and incident response tasks.
  • Develop and maintain SIEM queries, dashboards, reports and alerts customised to security operations and threat detection use cases.
  • Conduct ad hoc and periodic compromise assessments of company networks and systems and report on findings.
  • Support the Security Operations Center in validating daily security alerts by investigating malicious artefacts and binaries when additional coverage is needed.
  • Conduct threat hunting on systems and networks to identify undetected activities and breaches, and create proactive and reactive rules to alert IT Security to potential threats.
  • Analyse code (binaries, scripts, web scripts) and malspam emails to determine malicious intent, and analyse artefacts and logs to determine malicious intent and/or the scope of an incident.
  • Report and document results of analysis and recommend follow-up actions, remediation and security control gaps to IT Security, application owners and other stakeholders.
  • Create rules to detect adversary TTPs on systems and networks.
  • Evaluate, implement and fine-tune Endpoint Detection and Response (EDR) and other detective solutions to improve threat detection and response times.
  • Clean up Indicators of Compromise (IOCs) by identifying and removing duplicates to optimise threat detection and response processes.
  • Work closely with other teams: with IT Security Engineers on improving detection and blocking and reducing false positives, and with the threat intelligence team to ensure real-time threat data is integrated into detection systems and incident response procedures.
  • Use scripting/programming skills such as Python, YARA etc. to automate repetitive incident response tasks such as data extraction and to improve overall efficiency.
  • Configure risk-based alerts and define response playbooks.
  • Execute threat hunting assignments and provide update reports with recommendations for security improvement.
  • Represent the IR team in cyber drill exercises.
  • Be available for incident response whenever required.
  • Mentor IR and SOC analysts on improving digital forensics and incident response (DFIR) analysis.
  • Work closely with the SOC and SIEM engineers to recommend solutions for threat activity logging gaps and the reduction of false alarms.
  • Review and improve CSIRT incident management processes continuously.
  • Act as Incident Response manager/lead in his/her absence.

Job Requirement
Bachelor's Degree in Computer Science or Information Technology majoring in Cybersecurity, Networking or any related field. Certifications in SANS GIAC Certified Incident Handler / SANS GIAC Reverse Engineering Malware / Certified Ethical Hacker (CEH) are an advantage. Hands-on experience with CompTIA CySA+. Working experience in DFIR is an advantage.
Job Type: Full-time

Pay: RM8,500.00 - RM9,000.00 per month

Work Location: In person

Job Detail

  • Job Id
    JD1200295
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type
    Full Time
  • Salary
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Kuala Lumpur, M14, MY, Malaysia
  • Education
    Not mentioned