Assistant Vice President - IT Security (Senior Threat Hunting and Incident Response Analyst)
Carry out Threat Hunting, Threat intelligence and Incident Response functions to detect and respond to advanced cyber threats. The Job
Cyber Threat Hunting and Incident Response
- Performs proactive threat hunting within on-premise and cloud environments to uncover indicators of threat activities.
- Performs digital forensic preservation, legal documentation and electronic discovery for incidents and investigations.
- Protect enterprise systems and information by promptly responding to security threats and incidents as part of a team to resolve issues.
- Formulate hypothesis based on anomalies and suspicions to develop hunts.
- Validate hypothesis and identify threat actor groups based on their techniques, tools and procedures.
- Detect, disrupt and eradicate threat actors from enterprise and networks.
- Actively develop hunts, translate them into an iterative process, and deploy them in Endpoint Detection and Response (EDR) solutions.
- React to EDR based alerts and perform forensic investigation.
- Develop and mature new and existing solutions for threat hunting detection capabilities.
- Keep abreast in the development and advancement in cybersecurity technology and the Cyber Threat Intelligence landscape.
- Leverages internal and external resources to research threats, vulnerabilities and intelligence on various threat actors and exploitation tools and platforms.
- Work closely with SOC and other teams in CSIRT during incident response to contain and mitigate attacks.
Cyber Threat Intelligence
- Focus on the collection and analysis of information about current and potential attacks that threaten the safety of GEH and its assets.
- Applies sectoral and organisational (GEH) context to global, regional and local threat intelligence to identify potential cyber threats and determine levels of risk relevant to GEH.
- Perform sense making based on threat actor TTPs (Tactics, Techniques and Procedures), technical indicators of compromise, cyber-attack trends, on collected threat intelligence to identify potential attack campaigns and gather situational awareness to enrich cyber threat landscape for GEH.
- Proactively identify and provide threat insights to improve overall cybersecurity risk posture strategically.
- Performs operational threat assessment from threat intelligence received and collected.
- Takes accountability in considering business and regulatory compliance risks and takes appropriate steps to mitigate the risks.
- Maintains awareness of industry trends on regulatory compliance, emerging threats and technologies in order to understand the risk and better safeguard the company.
- Highlights any potential concerns /risks and proactively shares best risk management practices.