Senior Incident Responder & Investigator
Bangkok, TH
True Digital Group
Enabling Digital Transformation
As a subsidiary of True Corporation, a leading communications conglomerate in Thailand, True Digital Group's (TDG) ambition is to transform Thailand and the region for the digital revolution. uncover new...
The response, investigation and escalation tier is responsible for validating and analysing investigations passed up from Tier 1 analysts. The Tier 2 incident responder and investigator completes the documentation of the investigation, determines the validity and priority of the activity and escalates to the Incident Manager. Analysts staffed at Tier 2 are senior staff.
Key Responsibilities
- Recognize successful intrusions and compromises through review and analysis of relevant event detail.
- Investigate potential security incidents: recognize attacks based on their tactics, techniques and procedures (TTPs) and differentiate false positives from true intrusion attempts.
- Follow up and track investigations to resolution.
- Further validate and classify incidents, and update security incident cases.
- Alert system and information owners to intrusions, potential intrusions and compromises of their network infrastructure.
- Escalate security incidents to the appropriate teams within True Digital.
- Provide assistance during remediation of security incidents.
- Manage security services, including fine-tuning security use cases.
- Fine-tune SIEM tools and reduce false positives.
- Update the MDR tools as necessary.
- Continuously improve the MDR services.
- Maintain and provide the data required to calculate the MDR Centre's service SLAs, KPIs and KRIs.
- Update MDR processes and procedures as necessary.
- Follow and implement True Digital's change management process.
- Publish regular reports to internal teams.
- Conduct regular information security awareness sessions for the general community of the organisation.
Qualifications
- A Bachelor's degree in science or engineering is required.
- At least five (5) years of full-time experience in information security, with at least two (2) years in security monitoring and response.
- GIAC Certified Intrusion Analyst or demonstrated skills and ability to obtain the certification are required.
- GIAC Certified Incident Handler or demonstrated skills and ability to obtain the certification are required.
- Expert level analytical and problem-solving skills are required.
- Self-motivated with the ability to take decisions in the absence of detailed instructions.
- Expert level knowledge in managing and operating SIEM solutions, preferably using Splunk, is required.
- Proven experience in investigating security incidents is required.
- Proven experience in threat hunting is required.
- The ability to work with regular expression is required.
- Knowledge and/or experience with vulnerability assessment tools is preferred.
- Proven experience in programming with shell scripting and Python is required.
- Proven experience with Microsoft Windows and Linux operating systems is required.
- Proven experience with managing and monitoring network security devices such as firewalls and intrusion detection systems is required.
- Deep knowledge in network protocols such as TCP/IP, Syslog, DNS and NetFlow is required.
- Knowledge and/or experience in managing and monitoring distributed denial of service (DDoS) mitigation solutions.
- Knowledge of web technologies such as HTML, JavaScript and PHP is preferred.
- Knowledge and/or experience in managing and operating threat intelligence platforms is required.
- Excellent oral and written communication skills, especially in conducting presentations, discussing security incidents and creating security incident reports, are required.
- Knowledge of ITIL is preferred.
- Working experience in an MDR Centre, Security Operations Centre (SOC), Managed Security Service (MSS), or enterprise network environment.
OUR COMMITMENT TO YOU
We value our people and have the mission to attract and retain exceptional talent. We work in a truly agile environment where opinions and collaboration are encouraged: everyone has an opinion, opinions are valued, and we have no time for finger pointing and politics; instead we test and learn, and celebrate successes as a team.
We will provide a training and coaching program to all our team members, tailored to your development needs and aspirations. This can cover a wide range of skills, like mastering new technologies, further developing your skills in presenting to a non-technical audience or supporting you to grow in a leadership position.
OUR OFFER
- Employee Provident Fund
- Annual Bonus
- Annual health check-up
- Medical Service @Workplace
- Medical Expense Reimbursement
- Health & Life Insurance
- Fitness, Spa, Day care
- Employee Privileges
- Employee Loan
- Education Loan
- Scholarship for Employees' Children
- Learning Center
- Staff Activities
- Smart Casual
Tags: Agile DNS Firewalls GIAC Intrusion detection ITIL JavaScript KPIs Linux Monitoring Network security PHP Python Scripting SIEM SLAs SOC Splunk TCP/IP Threat intelligence Windows
Perks/benefits: Career development Fitness / gym Salary bonus