Enterprise Threat Management and Security Architecture (ETMSA) Engineer

P2P

Dubai

On-site

USD 80,000 - 120,000

Full time

7 days ago

Job summary

Join a forward-thinking company as a Cybersecurity Incident Response Specialist, where you will play a crucial role in safeguarding information assets against cyber threats. This dynamic position involves managing the entire incident response lifecycle, from preparation to post-incident activities, while collaborating with a global team of experts. You will utilize advanced cybersecurity tools and techniques to ensure robust protection of digital assets. If you are passionate about cybersecurity and eager to tackle challenges in a multicultural environment, this opportunity is perfect for you!

Qualifications

  • 5+ years of experience in cybersecurity with strong analytical skills.
  • Hands-on experience with incident response and cybersecurity tools.

Responsibilities

  • Manage cybersecurity incidents through their lifecycle.
  • Develop incident response runbooks and assess readiness.

Skills

Cybersecurity
Incident Response
Digital Forensics
Log Analysis
Intrusion Analysis
Scripting (Bash, PowerShell, Python, Go)
AI Tools for Security Automation
Regulatory Compliance Awareness

Education

Security Certifications (e.g., CISSP, GCIH)

Tools

Next-Generation Firewalls (NGFW)
Endpoint Detection and Response (EDR)
Intrusion Detection/Prevention Systems (IDS/IPS)
Data Loss Prevention (DLP)
SIEM

Job description

Job Description: Cybersecurity Incident Response Specialist at Crypto.com

As a member of the ETMSA team at Crypto.com, you will play a vital role in managing cybersecurity threats and incidents throughout their lifecycle—covering Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned—collaborating with a global team of incident responders.

You will utilize your skills in cyber defense, digital forensics, log analysis, and intrusion analysis to handle security incidents across endpoints, network, and cloud infrastructure. Your responsibilities include prevention, detection, response, and remediation activities, ensuring the protection of information assets using technologies such as Next-Generation Firewalls (NGFW), Endpoint Detection and Response (EDR), IDS/IPS, Data Loss Prevention (DLP), and more.

Effective communication and collaboration skills are essential to work successfully with stakeholders in multicultural and global environments.

Responsibilities
  • Report to the Director and facilitate all phases of the incident response lifecycle.
  • Participate in incident prevention projects to enhance security posture.
  • Preparation:
    • Understand regulatory and compliance requirements like reporting timelines and escalation procedures.
    • Engage in self-assessment exercises such as Tabletop Exercises, Attack Simulations, Red/Purple Team exercises to ensure incident response effectiveness.
    • Develop incident response runbooks, playbooks, and SOPs aligned with regulatory requirements.
    • Assess incident response readiness across people, processes, and technology layers.
  • Detection & Analysis:
    • Respond to cybersecurity incidents escalated from various channels, including the 24/7 SOC team.
    • Ensure incident response complies with local authority and regulatory requirements.
    • Assess risks, impacts, and scope of threats.
    • Conduct in-depth analysis of logs and data sources to investigate threats and IOCs.
  • Containment, Eradication, and Recovery:
    • Communicate with stakeholders and provide guidance to contain and eradicate incidents.
    • Participate in root cause analysis using forensic tools to identify sources of compromise.
    • Document findings and present reports on high-profile events.
  • Post-Incident Activities:
    • Lead lessons learned meetings.
    • Track follow-up activities.
    • Document incidents and prepare incident reports.

Always be prepared to respond swiftly to security incidents.

Requirements
  • Minimum 5 years of experience in cybersecurity.
  • Strong technical and analytical skills.
  • Familiarity with the incident response process.
  • Knowledge of AI tools for automating security tasks.
  • Hands-on experience with incident response activities.
  • Scripting skills in Bash, PowerShell, Python, Go, etc., for Windows, Linux, macOS, and cloud environments.
  • Knowledge of cybersecurity tools like NGFW, EDR, IDS/IPS, DLP, SIEM, and log management platforms.
  • Familiarity with the MITRE ATT&CK Framework and Cyber Kill Chain.
  • Passion for exploring new technologies and proactive team contribution.
  • Security certifications (e.g., Azure, AWS, CISSP, GCIH, GCIA, GCFA, GNFA, GREM) are a plus.
  • Awareness of regulations like GDPR, MAS, PSD2 is advantageous.

Preferred Attributes
  • Quick learner with a proactive attitude.
  • Team player with compassion.
  • Willing to learn and put in extra effort.
  • Sense of ownership, accountability, urgency, and prioritization.
  • Confidence in handling incidents and engaging with senior stakeholders.
  • Business acumen to support technical decision-making.