Senior Incident Responder & Investigator

Bangkok, TH

Applications have closed

True Digital Group

Enabling Digital Transformation. As a subsidiary of True Corporation, a leading communications conglomerate in Thailand, True Digital Group's (TDG) ambition is to transform Thailand and the region for digital revolutions. uncover new...


The response, investigation and escalation tier is responsible for the validation and analysis of investigations passed up from Tier 1 analysts. The Tier 2 incident responder and investigator completes the documentation of the investigation, determines the validity and priority of the activity and escalates to the Incident Manager. Analysts staffed at Level 2 would be senior staff.

Key Responsibilities

  • Recognize successful intrusions and compromises through review and analysis of relevant event detail information.
  • Investigate potential security incidents: recognize attacks based on tactics, techniques and procedures and differentiate false positives from true intrusion attempts.
  • Follow up and track investigations to resolution.
  • Further validate and classify incidents and update security incident cases.
  • Alert system and information owners of intrusions, potential intrusions and compromises to their network infrastructure.
  • Escalate security incidents to the appropriate teams within True Digital.
  • Provide assistance during remediation of security incidents.
  • Manage security services, including fine-tuning security use cases.
  • Fine-tune SIEM tools and reduce false positives.
  • Update the MDR tools as necessary.
  • Continuously improve the MDR services.
  • Maintain and provide the data required to calculate the MDR Centre services' SLAs, KPIs and KRIs.
  • Update MDR processes and procedures as necessary.
  • Follow and implement True Digital's change management process.
  • Publish regular reports to internal teams.
  • Conduct regular information security awareness sessions for the general community of the organisation.

Qualifications

  • A Bachelor's degree in science or engineering is required.
  • At least five (5) years of full-time experience in information security, with at least two (2) years in security monitoring and response.
  • GIAC Certified Intrusion Analyst or demonstrated skills and ability to obtain the certification are required.
  • GIAC Certified Incident Handler or demonstrated skills and ability to obtain the certification are required.
  • Expert level analytical and problem-solving skills are required.
  • Self-motivated with the ability to take decisions in the absence of detailed instructions.
  • Expert level knowledge in managing and operating SIEM solutions, preferably using Splunk, is required.
  • Proven experience in investigating security incidents is required.
  • Proven experience in threat hunting is required.
  • The ability to work with regular expressions is required.
  • Knowledge and/or experience with vulnerability assessment tools is preferred.
  • Proven experience in programming with shell scripting and Python is required.
  • Proven experience with Microsoft Windows and Linux operating systems is required.
  • Proven experience with managing and monitoring network security devices such as firewalls and intrusion detection systems is required.
  • Deep knowledge in network protocols such as TCP/IP, Syslog, DNS and NetFlow is required.
  • Knowledge and/or experience in managing and monitoring distributed denial-of-service (DDoS) solutions.
  • Knowledge of web technologies such as HTML, JavaScript and PHP is preferred.
  • Knowledge and/or experience in managing and operating threat intelligence platforms is required.
  • Excellent oral and written communication skills, especially in conducting presentations, discussing security incidents and creating security incident reports, are required.
  • Knowledge of ITIL is preferred.
  • Working experience in an MDR Centre, Security Operations Centre (SOC), Managed Security Service (MSS), or enterprise network environment.

OUR COMMITMENT TO YOU

We value our people and have the mission to attract and retain exceptional talent. We work in a truly agile environment where opinions are encouraged and collaboration is expected: everyone has an opinion, opinions are valued, and we have no time for finger-pointing and politics; instead we test and learn and celebrate successes as a team.

We will provide a training and coaching program to all our team members, tailored to your development needs and aspirations. This can cover a wide range of skills, like mastering new technologies, further developing your skills in presenting to a non-technical audience or supporting you to grow in a leadership position.

OUR OFFER

  • Employee Provident Fund
  • Annual Bonus
  • Annual health check-up
  • Medical Service @Workplace
  • Medical Expense Reimbursement
  • Health & Life Insurance
  • Fitness, Spa, Day care
  • Employee Privileges
  • Employee Loan
  • Education Loan
  • Scholarship for Employees' Children
  • Learning Center
  • Staff Activities
  • Smart Casual

Tags: Agile DNS Firewalls GIAC Intrusion detection ITIL JavaScript KPIs Linux Monitoring Network security PHP Python Scripting SIEM SLAs SOC Splunk TCP/IP Threat intelligence Windows

Perks/benefits: Career development Fitness / gym Salary bonus

Region: Asia/Pacific
Country: Thailand
