
Executive / Senior Executive, Digital Forensic & Incident Response (L3) | IT Security

Salary undisclosed



Key Responsibilities:

  • Develop and maintain honeypots and supporting infrastructure and be SME on honeypots and honeypot infrastructure.
  • Develop and maintain threat analysis lab virtual machines, cyber ranges and supporting infrastructure and be SME on lab machines and supporting infrastructure.
  • Develop and maintain open source or in-house tools, scripts, automation and systems as needed to support threat intelligence and incident response tasks.
  • Develop and maintain SIEM queries, dashboards, reports, and alerts customized to security operations and threat detection use cases.
  • Conduct ad hoc and periodic compromise assessments of Maybank networks and systems and report on findings.
  • Support the Security Operations Center in validating daily security alerts by investigating the malicious artefacts and binaries when additional coverage is needed.
  • Conduct threat hunting on Maybank systems and networks to identify undetected activities and breaches, while also creating proactive and reactive rules to alert IT Security on potential threats.
  • Analyse code (binaries, scripts, web scripts) and malspam emails to determine malicious intent.
  • Analyse artefacts and logs to determine malicious intent and/or scope of incident.
  • Report and document results of analysis and recommend follow up actions, remediation and security control gaps to IT Security, application owners and other stakeholders.
  • Create rules to detect adversary TTP on Maybank systems and network.
  • Evaluate, implement, and fine-tune Endpoint Detection and Response (EDR) and other detective solutions to improve threat detection and response times.
  • Conduct a clean-up of Indicators of Compromise (IOCs) by identifying and removing duplicates to optimize threat detection and response processes.
  • Work closely with other teams, including IT Security Engineers on improving detection/blocking and reducing false positives, and the threat intelligence team to ensure real-time threat data is integrated into detection systems and incident response procedures.
  • Utilizing scripting/programming skills such as Python, YARA, etc. to automate repetitive incident response tasks such as data extraction and to improve overall efficiency.
  • Configuring risk based alerts and defining response playbooks.
  • Executing threat hunting assignments and providing update reports with recommendations for security improvement.
  • Representing the IR team in cyber drill exercises.
  • Being present for incident response whenever required.
  • Mentor IR and SOC analysts on improving digital forensics & incident response (DFIR) analysis.
  • Working closely with the SOC and SIEM engineers to recommend solutions for threat activity logging gaps and reduction of false alarms.
  • Reviewing and improving CSIRT Incident management processes continuously.
  • Acting as Incident Response manager/lead in his/her absence.

Key Requirements:

  • Bachelor’s Degree in Computer Science or Information Technology majoring in Cybersecurity, Networking or any related field.
  • Certifications an advantage - SANS GIAC Certified Incident Handler / SANS GIAC Reverse Engineering Malware / Certified Ethical Hacker (CEH).
  • CompTIA CySA+.
  • Job experience in DFIR an advantage.

About Maybank
Size More than 250
Industry Diversified Banks
Location Malaysia
Founded 31 May 1960