Key Areas of Responsibility
- Ingest logs from all in-scope IT systems into the SIEM (Microsoft Sentinel)
- Configure SIEM detection use cases and machine-learning-based alerts in the SIEM
- Facilitate reviews of SIEM alerts with the SOC team to detect security incidents and fine-tune log ingestion as required
- Manage endpoint security, DLP solutions, firewall configurations, and web proxy appliances
- Conduct vulnerability assessments and assist in remediation efforts
- Review Security Information and Event Management (SIEM) alerts to detect security incidents and conduct investigations where required
- Identify control gaps revealed by security incidents and recommend control improvements
- Monitor industry cyber threat feeds and news, analyse them, and carry out appropriate follow-up actions
- Develop and maintain standard operating procedures for event monitoring and incident response
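The alert-configuration and tuning duties above (SIEM use cases, reviewing alerts with the SOC, fine-tuning) typically come down to writing and adjusting Sentinel scheduled analytics rules in KQL. The query below is an added example written for this page, not part of the posting or of any employer's rule set: it flags an account that received many failed Microsoft Entra ID sign-ins from one source IP and was then signed in successfully from that same IP. It assumes the standard SigninLogs table populated by the Microsoft Entra ID data connector; the lookback window and failure threshold are the tunable parameters a reviewer would adjust after looking at false positives.

```kql
// Added example (not from the job posting): Sentinel scheduled analytics rule query.
// Detects a burst of failed sign-ins for one account from one IP followed by a success
// from the same IP, a common brute-force / password-spray-then-compromise pattern.
// Assumes the SigninLogs table from the Microsoft Entra ID data connector.
let lookback = 1h;           // tune: rule should run with a matching lookback period
let fail_threshold = 10;     // tune: raise to cut noise from users mistyping passwords
let failures =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    // 50126 = invalid username or password, 50053 = account locked (smart lockout)
    | where ResultType in ("50126", "50053")
    | summarize Failures = count(),
                FirstFail = min(TimeGenerated),
                LastFail  = max(TimeGenerated)
              by UserPrincipalName, IPAddress
    | where Failures >= fail_threshold;
let successes =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"                 // "0" is a successful sign-in
    | project UserPrincipalName, IPAddress, SuccessTime = TimeGenerated;
failures
| join kind=inner successes on UserPrincipalName, IPAddress
| where SuccessTime > LastFail                // success must come after the failure burst
| project UserPrincipalName, IPAddress, Failures, FirstFail, LastFail, SuccessTime
```

When this is saved as a scheduled rule, map UserPrincipalName to the Account entity and IPAddress to the IP entity so incidents group correctly. Tuning usually means excluding known vulnerability-scanner or penetration-test source IPs with an additional `where IPAddress !in (...)` clause rather than raising the threshold, so that real attacker activity is not masked.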
Requirements
- Graduate in Information Technology or a relevant discipline
- Minimum 3 years of experience in information security
- Strong understanding of security tools and techniques, including SIEM, log review, Endpoint Detection and Response (EDR), application whitelisting, data leakage prevention, malware analysis, and web proxies
- Strong understanding of cybersecurity concepts and incident management processes
- Extensive theoretical and practical knowledge of Windows, Linux, and TCP/IP networking
- Scripting experience in any of Python, Perl, Bash, or PowerShell is an advantage
- Industry certifications and an educational background in Information Technology
- Preferably an understanding of cloud security principles and technologies
- Ability to work independently and resolve technical issues and problems
- Good verbal and written communication skills
- Strong time management and organizational skills
- Diligent, with strong follow-through and attention to detail