IT Security Operations Analyst APAC

Context: The strategy of Anglo American is to secure, develop and operate a portfolio of high quality and long-life resource assets to deliver leading shareholder returns. This can be achieved through innovative practices and technologies, in the hands of our world-class people, working towards a common purpose of re-imagining mining to improve people’s lives.

Information Management (IM) develops and optimises the engine that powers Anglo American’s digital and technology ecosystems, so our people can re-imagine the ways we mine, work, and operate.

We are a team of highly specialised experts who consistently push the boundaries of digital, technology, and automation—innovating to drive a smarter, safer, and more sustainable enterprise.

We touch every area of our business, driving value and growth as a result of this approach. We generate efficiencies by optimising operations and improving productivity. We support faster decision making through technical and digital support to our global workforce 24/7. We also drive business continuity by anticipating and managing cyber security, privacy and intellectual property risks through centralized controls.

Support IT security operations, identifying and responding to potential threats and incidents, to ensure AA’s cybersecurity and data protection.

• Monitor and analyse security alerts and incidents to detect and respond to cyber threats
• Investigate security breaches and coordinate incident response activities
• Collaborate with IT and security teams to implement security controls and best practices
• Respond to cyber related events and incidents and manage and collaborate with security operations personnel during the remediation and post incident review phases
• Optimise security logging tools to ensure efficiencies and reduce overheard where possible
• Develop scripts and SOAR playbooks to support the automated/reduced remediation of common incidents
• Administration of EDR and SIEM platforms
• Share Indicators of Compromise with relevant teams and build pattern and trend analysis of attacks to support the threat intelligence function
• Perform threat hunting across the estate
• Coordinate local incident response processes and personnel to ensure the Incident Manager is fully supported from a cyber defence/operations perspective in region
• Conduct research into existing threats to help support risk reduction process
• Produce threat notifications relating to potential future threats to the business and assist in the development of remediation strategies to mitigate/reduce the risk posed by these threats
• Engage in security awareness and training programs for employees

An undergraduate qualification or Apprenticeship (Bachelors / Honours degree or equivalent) in computer science, business informatics, engineering/technology or equivalent experience

Advanced knowledge of computer systems, security technologies, network protocols, incident response processes, ITIL and threat intelligence. Very good familiarity with endpoint detection and remediation tools (EDR), vulnerability management, SIEM, SOAR, and M365 technologies. Knowledge of programming/scripting languages, operational technologies and digital forensics can be helpful. Staying updated on emerging technologies and cyber threats is essential in this field.