Threat Analytic Team Lead

  • Competitive
  • Singapore, Singapore
  • Permanent, full-time
  • Morgan McKinley Singapore
  • 09 Dec 18

Threat Analytic Team Lead

Responsibilities:

  • This role supports 24/7 monitoring coverage
  • Assess IT and security-related computer and network logs to identify specific patterns of activity or to generate statistical summaries
  • Produce analysis and actionable reports on new and potential threats to support accurate mitigation and further detection
  • Monitor external, internal and open-source feeds for relevant cyber threats, incidents and/or cyber activity
  • Conduct analysis on files/binaries, packet captures and supporting materials to extract relevant artefacts, observables and IOCs
  • Proactively hunt for cyber threats via open feeds, internal feeds, VirusTotal, Hybrid Analysis or similar sources
  • Develop and maintain behavioural- and signature-based, threat-driven detection use-cases
  • Assess events based on the factual information immediately present, the available external context and analysis, and wider knowledge of and experience with IT systems
  • Develop a threat-hunting programme and have it deployed globally
  • Evaluate the threat landscape and develop short- and long-term security requirements
  • Participate in the testing and integration of new security monitoring tools

Requirements:
  • Any of the following certifications is highly advantageous: Security+, CASP, CISM, CEH, GIAC, CISSP, GCIH, GCFE, GCFA, GREM, GNFA
  • Ability to identify new opportunities for strategic direction and innovation based on existing and emerging cyber threat concepts
  • Experience working in a Security Operations Centre (SOC) or Computer Emergency Response Team (CERT/CIRT)
  • Experience working in an information or cyber security operations-related field in an enterprise environment
  • Experience managing or working with network detection/protection (NIDS and NIPS) technologies
  • Ability to review threat intelligence reports on TTPs, correlate them with existing data sources/points and deliver use-cases to detect such threats
  • Knowledge of Splunk is a must
  • Experience building customised security log analysis and detection capabilities using programming and development skills, including Java, Python, shell scripting and regular expressions
  • Fluent in the use and monitoring of all major operating system platforms (e.g. Windows, Linux/Unix, Mac)
  • Specific knowledge of network analysis tools (e.g. Wireshark), Tanium, Splunk, FireEye, FireSIGHT, Proofpoint, Tenable, Security Center and Splunk Stream
  • Operational understanding of TCP/IP and computer networking; knowledge of the functions of security technologies such as IPS/IDS, firewalls, Security Information and Event Management (SIEM) tools, etc.
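The responsibilities above ask for behavioural- and signature-based detection use-cases, and the requirements ask for log analysis in Python with regular expressions. The following is an added illustration of what such a use-case looks like in code; it is not part of the job posting and not code from Morgan McKinley or the hiring employer. It assumes a hypothetical sshd-style log format, a constructed set of log lines and a made-up IOC list, and it implements two detections: a signature match on a source IP, and a behavioural rule (several failed logins from one source inside a sliding window followed by a successful login from the same source).

```python
"""
Two minimal threat-driven detection use-cases over constructed auth logs
(added example; the log format, sample lines and IOC values are hypothetical):
  - signature-based: match a hard-coded IOC source IP
  - behavioural: >= N failed logins from one source within a time window,
    followed by a successful login from the same source
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in an sshd-like format (not real data).
SAMPLE_LOG = """\
2018-12-09T10:00:01Z host1 sshd: Failed password for admin from 203.0.113.7 port 51001
2018-12-09T10:00:03Z host1 sshd: Failed password for admin from 203.0.113.7 port 51002
2018-12-09T10:00:04Z host1 sshd: Failed password for root from 203.0.113.7 port 51003
2018-12-09T10:00:06Z host1 sshd: Failed password for admin from 203.0.113.7 port 51004
2018-12-09T10:00:09Z host1 sshd: Accepted password for admin from 203.0.113.7 port 51005
2018-12-09T10:05:00Z host1 sshd: Failed password for bob from 198.51.100.2 port 40001
2018-12-09T10:30:00Z host1 sshd: Accepted password for bob from 198.51.100.2 port 40002
2018-12-09T11:00:00Z host2 sshd: Accepted publickey for deploy from 192.0.2.99 port 33000
"""

# Regex for the assumed line layout; unmatched lines are skipped by parse().
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) "
    r"(?P<method>\w+) for (?P<user>\S+) from (?P<src>[\d.]+) port \d+$"
)

# Signature-based use-case input: an assumed IOC list (hypothetical value).
IOC_SRC_IPS = {"192.0.2.99"}


def parse(log_text):
    """Return one dict per line that matches LINE_RE, with ts as a datetime."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # in production, count unparsed lines as a data-quality signal
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def ioc_matches(events, ioc_ips=IOC_SRC_IPS):
    """Signature-based: every event whose source IP is on the IOC list."""
    return [ev for ev in events if ev["src"] in ioc_ips]


def brute_force_then_success(events, threshold=3, window=timedelta(seconds=60)):
    """Behavioural: at least `threshold` failures from one source within `window`,
    then an Accepted login from that source. Returns a list of (src, user, ts)."""
    failures = defaultdict(deque)  # src -> timestamps of failures still in the window
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        q = failures[ev["src"]]
        # Expire failures that have fallen out of the sliding window.
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if ev["result"] == "Failed":
            q.append(ev["ts"])
        elif len(q) >= threshold:
            hits.append((ev["src"], ev["user"], ev["ts"]))
            q.clear()  # one alert per burst, not one per subsequent success
    return hits


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    for ev in ioc_matches(evs):
        print("IOC hit:", ev["src"], ev["user"], ev["ts"].isoformat())
    for src, user, ts in brute_force_then_success(evs):
        print("Brute force then success:", src, user, ts.isoformat())
```

On the sample data the signature rule fires once (the publickey login from the IOC address) and the behavioural rule fires once (four failures from 203.0.113.7 within nine seconds, then a success); bob's single failure followed by a success 25 minutes later does not fire because the failure has expired from the window. In a SIEM such as Splunk the same two rules would be expressed as a lookup against an IOC list and a windowed `stats`/`transaction` search keyed on source address, but the threshold, window and "success after failures" condition are the parts a use-case author has to decide and test either way.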