Responsibilities
- Setup and operating Managed Endpoint and Detection Response (MDR) program and proposing enhancement to achieve better efficiency/ effectiveness
- Operating Network Traffic Analytics (NTA) program, identification of abnormalities in client's environment
- Performs threat hunting within the clients technology environments to uncover indicators of threat activities
- Performs digital forensic preservation, legal documentation and electronic discovery for incidents and investigations
- Supports the development of tactics, techniques, and procedures in providing proactive threat hunting and analysis against the available information sources (e.g. Netflow, DNS and Firewall logs, etc.)
- Supports the identification and documentation of Indicators of Compromise (IoCs)
- Leverages internal and external resources to research threats, vulnerabilities and intelligence on various threat actors and exploitation tools and platforms
- Use an analytics platform to identify threats in the available information repositories
- Perform threat research to identify potential threat vectors and work with multi-disciplines to improve prevention and detection methods
- Identify gaps in an organisation's measurement metrics, telemetry and logging capabilities and propose enhancement strategies to achieve the intended outcomes
- Work with client's appointed Incident Response Management team for cyber security incidents such as data security breach, Advanced Persistent Threat (APT)
Requirements
- Bachelor's Degree in Computer Engineering, Computer Science, Cyber Security, Information Security or other equivalents
- Has proper understanding of MITRE ATT&CK, attackers possible TTPs
- 1 to 3 years of experience with threat hunting
- 1 to 3 years of experience in incident response handling
- 1 to 2 years of experience with digital forensics investigations
- Experience in consulting, including both internal and client facing experiences
Preferred Skills /Qualities
- 1 to 3 years of experience supporting or providing expert witness testimonials
- 1 to 3 years of experience in data analysis, log analysis and malware analysis.
- Experience with research, technical and business documentation and analysis
- Ability to demonstrate flexibility, initiative and innovation in dealing with ambiguous, fast-paced situations
- Ability to show proficiency in Microsoft Office, Power BI and Tableau
- Ability to show proficiency in Forensic Toolkits, e.g. EnCase Forensics, FTK Forensics, Magnet Forensics and Write Blockers
- Ability to show proficiency in reverse malware engineering tools, e.g. IDA Pro
- Ability to show proficiency in programming and scripting, e.g. Java, .NET Programming, Python & PERL scripting, etc
- Possession of excellent presentation and briefing skills
- Possession of excellent oral and written communication skills
- Professional certifications, including EnCE, GCIH, GCFE, GCFA, GREM, GNFA, GASF, GCTI, CISSP, or other SANS certifications
