Cyber Security Engineer

RHB Banking Group

Selangor

On-site

MYR 100,000 - 140,000

Full time

2 days ago
Job summary

A leading banking institution in Malaysia is seeking a Cyber Threat Subject Matter Expert to analyze and respond to advanced threats within the IT infrastructure. Candidates should have extensive experience in information security, strong analytical and technical skills, and familiarity with SIEM solutions such as Splunk. The role involves maintaining security measures, performing threat hunting, and continuous improvement of security operations. This position demands proven expertise in cybersecurity principles and the ability to convey complex information effectively.

Qualifications

  • 4 - 5 years of information security experience.
  • 1 - 2 years supporting incident response and/or investigations.
  • Knowledge in threat actor attack methods and developments.

Responsibilities

  • Maintain SIEM solutions and ensure proper log management.
  • Perform threat hunting using accepted methodologies.
  • Continuously develop and onboard SIEM use cases.

Skills

Information security experience
Incident response
Analytical tradecraft
Technical writing skills
Scripting and programming languages
Cybersecurity principles
Research methodologies
Communication skills

Tools

SIEM solutions (Splunk, Imperva)

Job description

To be part of the Cyber Threat team as a tier 3 SME and mentor to the SOC team. This role requires continuous detection, analysis, investigation, response, and mitigation of advanced threats before they affect the bank’s IT infrastructure, using a proven and documented cyber threat model such as the MITRE ATT&CK framework.

Preferred Level of Experience (by years/function/industry)

  • 4 - 5 years of information security experience
  • 1 - 2 years supporting incident response and/or investigations
  • Experience reviewing and assessing logs for anomalous activity indicating the presence of a threat
  • Knowledge and ability to identify threat actor attack methods and track their developments
  • Experience using threat models, e.g. Cyber Kill Chain and MITRE ATT&CK
  • Extensive experience conveying complex information in simple, succinct explanations
  • Exceptional attention to detail

Other Skills Required (if applicable)

  • Strong technical writing skills
  • Extensive experience with analytical tradecraft
  • Thorough understanding of cybersecurity principles
  • Ability to work independently and build relationships
  • Efficient research methodologies
  • Ability to relate and convert technical threats into business risks
  • Strong proficiency with scripting and programming languages (e.g. Python, PowerShell, Java, NodeJS, Perl)
  • Strong communication and writing skills for reporting and analysis of cumulative findings
KEY RESPONSIBILITIES

Solution

  • Maintain SIEM solutions, including Splunk, Imperva, etc. (tasks include compliance with patch and obsolescence framework requirements)
  • Ensure events and logs from all relevant devices are sent to the SIEM solution in a complete and accurate manner
  • Produce a monthly SIEM system health report (completeness and accuracy)

Hunting

  • Perform threat hunting through industry-accepted methodologies, including hypothesis-driven investigation, IOC-driven investigation, and machine learning investigation
  • Analyze host, network traffic, IDS/IPS/DLP events, packet captures, firewall logs and other relevant sources
  • Provide forensic analysis of network packet captures, DNS, proxy, NetFlow, malware, host-based security and application logs, as well as logs from various types of security sensors
  • Identify gaps in IT infrastructure by mimicking an attacker's behaviors and responses
  • Perform offensive validation of identified TTPs

Detection & Response

  • Continuously develop SIEM use cases based on the MITRE ATT&CK framework and the current threat landscape
  • Onboard all use cases to the Security Operations Center for 24 x 7 monitoring and timely response
  • Continuously onboard new IOCs to the threat prevention solution to ensure known threats are prevented at all times
  • Continuously improve processes for use across multiple detection sets for more efficient security operations
  • Develop dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc.
  • Assist in the design, evaluation, and implementation of new security technologies