Cyber Threat Analyst

Position Summary

As a Cyber Threat (SOC) Analyst, you are required to use data collected from a variety of cyber defense tools such as intrusion detection system alerts, firewall and network traffic logs, and host system logs to analyse events that occur within the Company’s environment.

You are also required to perform 24x7 monitoring on both internal and external sources to maintain current threat condition and determine which security issues may have an impact on the Company and provide accurate evaluation of the incident for escalation.

Responsiblities:

• Responsible for round-the-clock surveillance of the Company's information assets using various cyber defense tools to monitor internal and external sources
• Provide timely detection, identification and alerts of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activities
• Use cyber defense tools for continuous monitoring and analysis of system activities to identify malicious activity
• Analyse and respond to threats, software, and hardware vulnerabilities
• Develop scripts, fine-tuning SIEM rules and solutions to automate the triage and analysis process
• Provide incident response (IR) support when required
• Produce actionable cyber threat intel from various threat intelligence sources, both open and commercial sources
• Actively hunt for indicators of compromise (IOCs) and threat actor groups and tactics, techniques, and procedures (TTPs) in the environment

Requirments:

• Degree or Diploma in Computer Science, Computer Engineering, or Information Security related fields
• At least 2 years of experience working in a Security Operation Centre (SOC) or Computer Emergency Response Team (CERT/CIRT)
• Strong ability to interpret the information collected by network tools (e.g., ping, traceroute, nslookup)
• Security certifications (e.g. GSEC, GCIH, GCIA, GCTI, GCFA, GCFE, GNFA) and scripting capabilities (i.e. Python, Bash or PowerShell) are a plus
• Working experience with OWASP Top 10, CVSS, MITRE ATT&CK framework, Cyber Kill Chain and DevSecOps strongly preferred
• Good knowledge of different types of network communication (e.g., Local Area Network, Wide Area Network, Metropolitan Area Network, Wireless Wide Area Network, Wireless local Area Network)
• Good knowledge of incident response and handling methodologies
• Able to work 12-hours shift but shift patterns may change according to business needs