BACKGROUND
Our client, one of the largest Malaysian insurers, is looking for a Senior Manager in Cyber Threat Intelligence. The role involves proactively investigating security events to identify artifacts of a cyber-attack, detecting advanced threats that evade traditional security solutions, conducting threat actor-based investigations, creating new detection methodology, and supporting incident investigations and monitoring functions. Threat hunting uses both manual and machine-assisted capabilities and aims to find the Tactics, Techniques and Procedures (TTPs) of advanced adversaries. The candidate must have a curious, investigative mindset, experience in information security, and the ability to communicate complex ideas to varied stakeholders.
JOB ROLE
- Develop, document, and maintain cyber threat hunting framework
- Hunt for and identify threat actor groups, techniques, tools and procedures (TTPs)
- Perform threat hunting through analysis of anomalous log data to detect and mitigate cyber threat activities
- Actively develop threat hunting hypotheses, translating hunt activities into an iterative process and automating the process of hunting for cyber threats
- Review alerts generated by security monitoring tools and provide recommendations to enhance alerts for more efficient monitoring
- Provide forensic analysis of network packet captures, DNS, proxies, malware, host-based security, and application logs, as well as logs from various data sources
- Provide expert investigative support during large scale and complex security incidents
- Analyze security incidents to enhance security monitoring and the alert catalogue
- Investigate and validate suspicious events by using open-source and proprietary intelligence sources
- Document and communicate findings to an array of audiences, including both technical and executive teams
- Continuously improve processes and use cases on security monitoring tools
- Keep up to date with information security news, adversary techniques and threat landscape
- Support day-to-day operations, ensuring efficient delivery of Cyber Threat Intel services.
REQUIREMENTS
- Must have a minimum of 8 years of experience in a technical security role in one of the following areas: Operating System security, Network security, Internet or Web security, Endpoint security
- Experience with researching and incorporating Cyber Threat Intelligence findings into threat hunting workflow
- Knowledge and experience working with the MITRE ATT&CK framework, Cyber Kill Chain Model or Diamond Model
- Experience with the incident response process, including detecting advanced adversaries, log analysis and malware triage
- Experience with Netflow or PCAP analysis
- Experience with Windows file system and registry functions or *Nix operating system and command line tools
- Knowledge and experience in developing detection signatures (YARA, SNORT)
- Knowledge of malware and threat actor behavior, and how common protocols and applications work at the network level.