(A) Senior Security Analyst

Upscale Sdn Bhd
Kuala Lumpur
MYR 150,000 - 200,000
Job description

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia


Job Responsibilities:

  • Must have a SIEM (Security Information and Event Management) background.
  • Work in a 24x7 shift rotation to handle security incidents and provide level two (L2) support during analysis and investigation to identify the root cause.
  • Escalate critical incidents to the CSIRT team for further analysis and investigation, and demonstrate excellent collaboration skills for timely resolution to minimize impact to customers.
  • Provide detailed remediation recommendations to customers for incidents within agreed SLAs and, if required, assist them during remediation implementation.
  • Proactively work with customers to build threat detection use cases, minimize incident noise and develop correlation logic, enabling junior regional analysts to focus on critical incidents.
  • Review third-party threat intelligence feeds and integrate them into MSS platforms to provide value to our customers.
  • Prepare SOC monthly reports, including customization based on business requirements, and present them to customers during monthly meetings, highlighting risks and mitigation plans.
  • Lead new customer deployments by working closely with customer, regional onsite teams and relevant stakeholders during build phase, and take end-to-end responsibility for smooth go-live.
  • Identify gaps in existing SOC processes and work with team members or other departments to create or modify standard operating procedures and to automate mundane daily operational activities, ensuring operations run efficiently.
  • Enable regional security analysts to deliver seamless L1 support locally by developing SOC playbooks and a relevant and sufficient knowledge base.
  • If required, assist sales team to help pitch MSS offerings, drive proof-of-concepts and demo MSS services at technology events.
  • Lead and manage junior analysts in handling incidents, day-to-day operations, SLA requirements, and customer requests.

Required Qualifications:

  • Candidate should have at least 8 years of experience working in SOC and MSS environments, with a Bachelor's degree in Computer Science, IT or Information Security.
  • Excellent hands-on experience implementing and performing incident analysis on IBM QRadar and AlienVault SIEM technologies; should hold the relevant vendor certifications.
  • Hands-on experience with any Endpoint Protection (EPP) or Endpoint Detection and Response (EDR) technology, preferably CrowdStrike or Cisco AMP for Endpoints.
  • Hands-on experience with email security solutions, preferably Cisco email security solutions.
  • Exposure to firewall technologies such as Cisco, Palo Alto, Check Point and Fortinet.
  • Good understanding of Windows and Linux environments, well versed in basic Linux commands and troubleshooting, with proven Unix (Solaris, Linux, BSD) experience.
  • Knowledge of a shell scripting language and the ability to apply it to automate mundane operations tasks.
  • Candidate should hold at least one SANS certification, preferably GCIH.
  • Good understanding of basic network concepts; exposure to cloud technologies is an advantage.
  • Lateral thinking combined with excellent troubleshooting skills, preferably with experience following ITIL standards.
  • Excellent communication skills in English; the ability to speak Mandarin is an advantage.
  • Hands-on experience performing vulnerability assessments and presenting findings to customer business teams is an advantage.
  • Experience in penetration testing and report drafting.
  • Experience in forensics and incident response.
  • Experience leading a team of security analysts, developing SOC standard operating procedures and developing threat intelligence feeds.
  • Experience with security standards such as ISO 27001:2013, NIST and CIS.

Questions to answer:

  • Number of years of experience in SOC environments.
  • Number of years of hands-on experience with SIEM tools.
  • Do you have experience with QRadar or Microsoft Sentinel SIEM? If not, which SIEM?
  • Number of years of experience with EDR tools: CrowdStrike, Microsoft Defender for Endpoint, or any other EDR tool?
  • Number of years of experience performing advanced security incident analysis and investigations or CERT activities?