Key Responsibilities of this job:
- SOC Operations: Oversee the SOC team's daily operations, including but not limited to rotation schedules, skill sets, and response.
- Lead Incident Response: Take ownership of high-impact security incidents including APTs, data breaches, ransomware, and zero-day exploits. Coordinate across teams for rapid containment and recovery.
- Forensics & Root Cause Analysis: Conduct host, memory, network, and log forensics. Analyse malware behaviour and trace the attack kill chain.
- Advanced Threat Detection: Design and implement advanced use cases, correlation rules, and custom detections in SIEM and EDR tools.
- Threat Intelligence Integration: Leverage internal and external threat intel feeds to contextualize events and proactively defend against emerging threats.
- Threat Hunting: Proactively search for signs of compromise using hypothesis-driven hunts and anomaly detection methods.
- Tool Optimization & Engineering: Tune and customize SIEM, EDR, and SOAR platforms. Collaborate with engineering teams to improve visibility and detection logic.
- Automation & Orchestration: Contribute to the design and implementation of automated incident response workflows using SOAR or scripting (Python, PowerShell, Bash).
- Mentorship & Training: Provide guidance to L1 (Security Analyst) and L2 (Incident Response) teams. Develop tabletop exercises and continuous improvement plans.
- Post-Incident Reporting: Deliver executive-level summaries, technical RCA reports, and incident metrics to leadership and compliance teams.
Qualifications:
- Bachelor's degree in Computer Science, Cybersecurity, or a related field.
- Equivalent experience with demonstrable IR leadership will also be considered.
- Relevant security certifications (e.g. GIAC Certified Incident Handler (GCIH), EC-Council Certified Incident Handler (ECIH)) are a plus.
Minimum years of experience required to perform this job:
- Minimum 6 – 7 years of experience in cyber security operations and cyber security incident response roles.
- 6 – 7 years of experience using security technologies such as SIEM (Security Information and Event Management), IDS (Intrusion Detection System), and firewalls.
- 6 – 7 years of hands-on experience with operating systems such as Microsoft Windows and Linux.
The candidate MUST have knowledge of:
- preserving evidence integrity according to standard operating procedures or national standards.
- intrusion detection methodologies and techniques for detecting host and network-based intrusions.
- cyber defence and information security policies, procedures, and regulations.
- cyber security incident categories, the response actions appropriate to each, and the timelines within which responses must be made.
- network security architecture concepts including topology, protocols, components, and principles (e.g., application of defence-in-depth).
- OSI model and underlying network protocols (e.g., TCP/IP).
- network protocols and services such as TCP/IP, Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and directory services.
- system administration, network, and operating system hardening techniques.
- cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
Job Type: Full-time
Pay: RM9,600.00 per month
Benefits:
- Dental insurance
- Free parking
- Health insurance
- Maternity leave
- Vision insurance
Schedule:
- Monday to Friday
Work Location: In person