Lead Cyber Security Engineer (CTI, DFIR)

TECHKNOWLEDGEY PTE. LTD.

Singapore

On-site

SGD 60,000 - 100,000

Full time

Today
Job summary

Join a forward-thinking company where you will play a crucial role in enhancing cybersecurity. Focus on security threat intelligence, anomaly hunting, and digital forensics while working collaboratively with cross-functional teams. Your expertise will help detect and respond to malicious activities, ensuring the safety of digital assets. This role offers an exciting opportunity to leverage your skills in a dynamic environment, where your contributions will directly impact the organization's security posture. If you are passionate about cybersecurity and thrive in a challenging atmosphere, this position is perfect for you.

Qualifications

  • 5+ years of experience in security roles with a focus on threat intelligence.
  • Strong understanding of APT actors and their TTPs is essential.
  • Excellent communication skills, comfortable presenting to leadership.

Responsibilities

  • Conduct research and analyze data to identify patterns and develop strategies.
  • Investigate security incidents and conduct forensic examinations.
  • Proactively hunt for threats and support recovery efforts.

Skills

Threat Intelligence
Digital Forensics
Incident Response
Anomaly Hunting
Networking Concepts
Python Programming
PowerShell
Cloud Computing

Education

Degree in Computer Science
Degree in Computer Engineering
Degree in Information Security

Tools

Autopsy
EnCase
FTK
Wireshark
Volatility
Belkasoft RAM Capturer

Job description

Overall Function:

You will focus on security threat intelligence, anomaly hunting, digital forensics, and incident response. Leverage your security knowledge and experience with a broad array of tools and techniques to detect and respond to malicious activities. Familiarity with the Cyber Security Act 2018, Cybersecurity Code of Practice (CCoP), MAS Cyber Hygiene, and Technology Risk Management Guidelines is essential. You will work in a highly collaborative environment with cross-functional teams.

Key Responsibilities:

  1. Conduct research, collect and analyze data, evaluate intelligence; identify patterns and trends; develop appropriate strategies.
  2. Provide actionable intelligence to detection operations to proactively monitor systems for potential threats.
  3. Investigate security incidents and conduct data analysis based on findings.
  4. Proactively hunt for threats, implement identification, containment, and eradication measures, and support recovery efforts.
  5. Develop, maintain, and enhance threat intelligence processes, procedures, frameworks, libraries, and services.
  6. Inform internal stakeholders of potential cyber threats by analyzing internal and external intelligence feeds.
  7. Conduct threat modeling and threat hunting activities.
  8. Research the latest methods, tools, and trends in digital forensics analysis.
  9. Handle Tier 2/3 incident escalations from detection operations and assist with real-time, continuous security event monitoring, response, and reporting.
  10. Conduct forensic investigations internally and externally; collect, preserve, and analyze data and digital evidence.
  11. Perform forensic examinations on electronic devices, including laptops, desktops, servers, and mobile devices; preserve and analyze data obtained from examinations.
  12. Write and present routine reports.

Requirements:

  1. Degree in Computer Science, Computer Engineering, or Information Security-related fields.
  2. Minimum of 5 years' experience, including at least 2 years in threat intelligence and threat hunting roles, with the remaining in incident response, digital forensics, security operations, or security engineering roles.
  3. Familiarity with MAS Technology Risk Management Guidelines, MAS Cyber Hygiene Notice, and Cybersecurity Code of Practice.
  4. In-depth knowledge of current operating environments (Microsoft, UNIX & Linux).
  5. Strong understanding of networking concepts, including TCP/IP, DNS, HTTP, SMTP.
  6. Knowledge of cyber threat intelligence processes and tradecraft.
  7. Understanding of Advanced Persistent Threat (APT) actors and their Tactics, Techniques, and Procedures (TTPs).
  8. Familiarity with frameworks like Lockheed Martin Cyber Kill Chain, STRIDE, and MITRE ATT&CK.
  9. Experience with research tools such as Autopsy, Belkasoft RAM Capturer/DumpIt/Comae Memory Toolkit, EnCase, FTK, Volatility, Wireshark.
  10. Proficiency in programming languages like Python and PowerShell.
  11. Cloud computing knowledge/experience is highly advantageous.
  12. Positive attitude and growth mindset.
  13. Excellent written, verbal communication, and presentation skills; comfortable with public speaking and presenting to senior leadership.
  14. Certifications such as OSCP, GCTI, GPEN, GCIA, GCIH, GCFA, GCFE, GCNFA, or GREM are highly desirable.