Department: Group Information Technology
Reporting to: Cybersecurity Lead
Responsibilities
- Responsible for protecting an organization's computers, networks, software, hardware, and data from malware and cyber-attacks.
- To ensure compliance of all IT operations across the company and its subsidiaries (Group) with the standardized IT policies and procedures, internal and external regulations, and proper IT Security governance structures.
- To demonstrate technical qualities in identifying, analyzing, and reporting security threats.
The Job
- Monitor OSINT (Open-Source Intelligence), dark web, threat feeds, and industry reports to identify threats relevant to the organization.
- Enrich and maintain intelligence on adversaries, malware, vulnerabilities, and TTPs (Tactics, Techniques, and Procedures).
- Correlate intelligence with internal telemetry to detect risks and ongoing campaigns.
- Collaborate with the SOC to monitor, detect, and respond to security incidents.
- Analyze system and network traffic data, security logs, and alerts to identify potential attacks.
- Conduct incident investigations, root cause analysis, and recommend remediation.
- Escalate and document incidents following defined processes.
Security Operations & Risk Management
- Manage SIEM, XDR, firewalls, and detection tools to support proactive threat hunting.
- Conduct vulnerability assessments, penetration testing, and patch management.
- Assess and monitor IT project risks, operational risks, and change management initiatives.
- Provide guidance on access control, endpoint protection, and security best practices.
Governance & Compliance
- Conduct periodic assessments to ensure alignment with IT policies and procedures.
- Develop reports and dashboards for management and regulatory submissions.
- Work with IT/OT teams to ensure compliance with ISO 27001, NIST/IEC standards, Malaysia’s Cybersecurity Act 2024, and PDPA.
Requirements
- Bachelor's Degree in Information Security or equivalent with a minimum CGPA of 3.00 and above.
- Minimum of 3–5 years of experience in cybersecurity operations, SOC, or incident response.
- Candidate shall be a Certified Ethical Hacker (CEH) or hold any professional Network and Cyber Security certification.
- Knowledge of threat intelligence, MITRE ATT&CK, and incident response frameworks.
- Strong IT skills and knowledge, including hardware, software, and networks.
- Hands‑on experience with XDR, firewalls, switches, routers, and other networking security appliances/endpoint security tools.
- Knowledge in Malware Analysis, Security Incident Response, Advanced Threat Protection, SIEM or SOAR, Privileged Access Management (PAM), Data Loss Prevention (DLP), Microsoft Intune or Mobile Device Management (MDM).
- Working experience in performing Security Posture Assessment (SPA), as an IT Auditor (ISO 27001 ISMS), or in a Security Operation Centre (SOC) will be an added advantage.
- Good interpersonal and user-handling skills with the ability to manage expectations and communicate technical details.
- Logical and analytical approach to problem-solving.
- Contributes to team effort by accomplishing related results as needed.
- Able to work beyond normal working hours.
📧 Alternatively
You may email your resume/CV to @gasmalaysia.com and kindly include your notice period, expected salary, and Degree Transcript.