Lead Threat Detection & Response Engineer
The Role:
You’ll be part of an exciting team that is responsible for the Grab Cyber Defence functions. The Cyber Defence team is responsible for external threat detection, incident response, threat intelligence, threat hunting, red teaming, insider abuse and insider fraud detection.
Summary:
As a Principal / Lead Threat Detection and Response Engineer at Grab, you are a team player responsible for monitoring, detecting, and responding to potential threats against Grab’s networks around the world. You would be seen as one of the go-to people for one or, preferably, more of the following: building cyber threat detections, responding to cyber threats, forensic analysis, malware analysis, automating current manual processes and building new solutions to solve the above problems.
Self-motivated, you actively hunt through our environment for undetected suspect activity and drive your findings to a post-mortem. You’ll use tried and true techniques, tools, and best practices and also invent new ones along the way. You’ll be surrounded by smart, driven people who all care about Grab’s mission and information security.
You enjoy engaging with senior and junior staff members and look for opportunities to scale up those around you. You have good public speaking, presentation and written skills and may have presented in conferences.
The day-to-day activities:
Generate: alert criteria for Cyber intrusions and push them to production. Also produce decision criteria and playbooks for alerts, automating as much as possible.
Mature: existing detection rules, and create automated tests and automation workflows to improve the overall detection capability.
Identify: gaps in the current logging capability and suggest mechanisms to remediate these gaps.
Hunt: Be proactive and use the latest threat intel and/or best practices to hunt down potentially malicious activity in our network.
Respond: When an incident occurs, you will be on the front lines of response for the entire company.
Advise: Help us pick the best solutions to nascent problems - vendors, processes, training, etc. You will use your expertise to shape the future of the team.
Engage: Enjoy working collaboratively in a close-knit team to address their security challenges while understanding business needs.
Requirements:
Ability to contribute to rotating on-call Incident Response roster
Strong, proven track record of delivering results in fast-paced, resource-scarce environments. Assume your favourite tool is not available but that you have the chance to learn a new one.
Ability to handle stress effectively and maintain strong output during an incident
Ability to effectively communicate findings to both technical and non-technical audiences
Curiosity and a relentless drive to understand how networks work and how they can be abused.
Cloud expertise - be able to stand toe to toe with our IT and infrastructure teams while bringing an investigator’s mindset to the mix.
Development - Proficient in using languages like Python or Go to automate tasks and process large amounts of messy data.
Platforms: Developing security rules in a SIEM platform, workflows in a SOAR platform and working knowledge of cloud platforms.
Threat Detection and Incident Response experience - experience conducting IR in cloud environments, experience with multiple security tools/systems/logs (network, EDR, WAF, OS etc.), working knowledge of frameworks such as ATT&CK and kill-chain and strong communication skills. Able to perform incident root cause analysis to identify intrusion vectors and recommend compensating controls to prevent similar future intrusions.
Relevant industry certifications - SANS GCIH, GMON, GCIA, security certs for cloud providers (AWS, Azure, GCP), SIEM certs, etc.
Working collaboratively with other team members
Mentor new and junior team members