Cyber Security Incident Response Analyst
Pasig, Metro Manila, Philippines
DFI Digital
DFI Retail Group is a leading pan-Asian retailer. The Group operates under a number of well-known brands across food, health and beauty, home furnishings, restaurants and other retailing in the region.
DFI Company Brief
DFI Retail Group (the ‘Group’) is a leading pan-Asian retailer. At 31st December 2021, the Group and its associates and joint ventures operated over 10,200 outlets and employed some 230,000 people. The Group had total annual sales in 2021 exceeding US$27 billion.
DFI Retail Group is a leading pan-Asian retailer and operates across four broad formats: Food (including Supermarkets, Hypermarkets and Convenience stores), Health & Beauty, Home Furnishings, and Restaurants. The Group has operations in 12 markets, operates multiple formats in most markets to satisfy different customer segments, and trades under well-recognised brands. DFI Digital is a new entity set up by DFI Retail Group to provide a more advanced online shopping experience.
About the role:
We are expanding and looking for a Cyber Security Analyst to join our IT Security Team. This position is the Level 2 blue team role within the Cyber Security Incident Response Team (CSIRT), covering cyber security investigations and incident handling. Your background should include hands-on security incident response and exposure to security technologies including firewalls, IPS/IDS, EDR, DLP, vulnerability management, logging, monitoring and detection, as well as exposure to digital forensics and threat hunting. You should have a good understanding of network security, system administration and production support of security platforms. Applying your expertise to problem solving, combined with excellent stakeholder management, will be a top priority for you.
- Responsible for interpreting, analysing, enhancing and making recommendations for the resolution of alerts from security log sources and security tools (SIEM, SOAR, IAM, CASB, EDR, SEG and others) and other threat detection systems, covering threat activity reported by our managed-services Security Operations Centre (SOC).
- Act as team leader, responsible for cyber security incidents as they arise (e.g. on end-point devices such as laptops, desktops, servers, firewalls, routers, O365, SEG and other security devices), including those escalated by the Security Operations Centre (SOC). This involves following up with the respective end users and IT personnel to ensure incidents are effectively closed.
- Lead and implement data loss prevention (DLP) measures (e.g. on end-point devices and the email system), monitor DLP alerts, and take the necessary follow-up and remediation actions as required.
- Oversee tracking, follow-up and closures of issues/incidents to achieve 100% SLA completion.
- Cyber Threat Hunting and Incident Response
- Perform proactive threat hunting within on-premise and cloud environments to uncover indicators of threat activity.
- Perform digital forensic preservation, legal documentation and electronic discovery for incidents and investigations.
- Report incident statistics and provide analysis of incidents.
- Prepare regular cyber security status reports for submission to Leadership team.
- Plan and conduct the annual cyber security drill.
- Degree in Information Technology or equivalent
- Minimum 5 to 7 years' experience in IT/Cyber Security Incident Response, Security monitoring, SOC functions, computer forensics, cybercrime investigations, Threat intelligence or Threat Hunting.
- Thorough understanding of security technologies and concepts, with knowledge and hands-on experience in SIEM and SOAR products and security incident management
- Experience performing security monitoring and incident response activities in an advanced Security Operations Center (SOC) environment, including log analysis, event analysis, incident investigation, and reporting
- Ability to investigate incidents, remediate, track, and follow up for incident closure with concerned teams and stakeholders
- Strong program and project management expertise, with the ability to take initiative, be proactive, and run decision-making processes autonomously
- Excellent communication and advocacy skills, both verbal and written, with the ability to express complex technical issues in an easily understood manner
- Analytical skills with the ability to interpret complex situations and develop appropriate solutions proactively
- Flexibility to adapt to a fast-paced, changing environment while maintaining a focus on rigor and accuracy in deliverables
- Knowledge in OWASP and common attack vectors in different platforms (Windows, Linux, Network, etc)
- Knowledge and experience in Qualys, PAM, Netskope, Mimecast, SentinelOne and Azure Security Center is preferred
- Experience and understanding of IT operations and processes
- Knowledge of security standards and frameworks including MITRE ATT&CK, ISO 27001:2013, NIST, PCI-DSS, Data Protection, etc., as well as cyber security threats, tools and best practices
- Experience working with and managing an external vendor supporting the SOC
Preferred Certifications: CISSP, CEH, GCIH, GIAC, SANS certifications or equivalent
- Demonstrated project exposure from previous work experience
- Ability to co-ordinate many dependencies and multiple demands in a fast-paced, fast changing operating environment
- Ability to work independently with minimal supervision
- Excellent oral, written communication and presentation skills
- A vibrant and international team with multi-cultural and diverse backgrounds
- Solving challenges with inspiring colleagues in an all-hands-on-deck environment
- A management team that recognizes top performers, welcomes newcomers, and shares a love for good food
- Competitive package, incentives, allowances, food perks, insurance, pension and more
Tags: Blue team CEH CISSP Cloud CSIRT Cyber crime EDR Firewalls Forensics GCIH GIAC IAM IDS Incident response IPS ISO 27001 Linux Log analysis Monitoring Network security NIST OWASP Qualys SANS SIEM SOAR SOC Threat detection Threat intelligence Vulnerability management Windows