[Get to know the Role]
- Responsible for supporting day-to-day cyber security operations of Digibank (DB).
- Provide first-level subject matter expertise to DB’s Incident Management team during emergencies.
- Develop, update and test cyber incident response playbooks and procedures.
[The day-to-day activities]
- Perform monitoring, assessment and analysis of perimeter controls, including anomaly detection systems, firewalls and networks.
- Follow predefined actions to handle security alerts including escalating to relevant teams and other support groups.
- Perform assessment and containment phase of vulnerability and threat management processes.
- Plan, develop, update and test incident response playbooks and procedures.
- Support the SOC as a subject matter expert in incident response, orchestration and automation.
- Work with threat intelligence and threat hunting teams to identify suspicious and anomalous activities.
- Monitor, investigate, analyze, and remediate or escalate indications of compromise or breaches impacting systems and applications.
- Provide regular and ad-hoc security incident related metrics.
- Support incident reporting to regulators as required.
- Maintain knowledge of current and emerging cyber threats and trends, and establish relationships with other incident response professionals, industry partners and vendors.
- Based on root cause analysis, work with respective team members to create and test countermeasures to mitigate recurring incidents.
[The must-haves]
- 5+ years’ experience in security operations/SOC, preferably with incident management experience.
- Experience in the banking industry will be an advantage.
- Familiar with industry-standard security tools (NIDS/HIDS, NIPS/HIPS, WAF, NGFW, AV, FIM, EDR, SIEM and SOAR) and with protocols such as IPsec and SSL/TLS.
- Critical thinker who can analyze, contextualize and correlate basic Indicators of Compromise (IOC) on hosts and applications.
- Able to perform basic forensic analysis and triage of hosts, which includes examining running processes, network connections, system logs, file system activities, etc., for signs of anomalous behavior.
- Must be able to understand and, if needed, develop code for both analysis and automation. Knowledge of Python, JavaScript, etc. is a plus.
- Serve as the escalation point for the DB CISO team.
- Able to work under pressure during critical situations.
- Able to communicate effectively with peers and stakeholders.
- Able to perform vulnerability assessment and manage such tools/processes.
- Familiarity with penetration testing and red teaming.
- Hold at least one of the following certifications: CISSP ((ISC)²), C|EH (EC-Council), GCIA (GIAC) or CCNA (Cisco).
Join Grab on an incredible mission - click "I'm Interested"!