Cyber Security Engineer

Team is looking for Cybersecurity expert/SME in Detection Engineering & Security Investigation areas, part of Production SOC & Security Investigation & Incident Response team.

Your role will be to:

1. Strengthen the detection capabilities in APAC and be member of the Global Use Case development team for a worldwide alignment of the security use cases.

2. Contribute to the enhancement of SIEM and SOAR capabilities,

3. Act as reference point in team of experts on Security Incident Response activities, Anti-Malware/Defense activities and Security Detection activities,

4. Oversee the detection capabilities for the 24/7regional IT Production SOC which handles the IT Production security alerts for the APAC region,

5. Participate to the global continuous improvement of the framework of tools and processes for Security Incident Management,Anti-Malware/Defense and Security Detection,

6. Collaborate with the APAC Business CSIRT, accountable for the Security Incident practice in APAC, to strengthen the extended security monitoring setup between Business Information Security and IT Production Security.

Direct Responsibilities

. Lead technical activities (security usecase definition, design, implementation & enrichment) in the team of IT Production Security Investigation & Incident Response based on real-world attack scenarios and framework like MITRE ATT&CK, ensuring robust security detection posture across various layers.

. Understand ongoing security threats in the wildand propose security use case to detect and when possible, protect or mitigate.

. Be autonomous on technical activities(definition, R&D/threat hunting) in the team of IT Production Security Investigation & Incident Response and oversee the detection capabilities of the 24/7 regional IT Production SOC

. Respond to Cyber / IT security incidents and evaluates the type and severity of security events.

. Identify recurring security issues and risks and develops mitigation plans and recommends process improvements.

. Partner with global, regional and local stakeholders to ensure organizational and procedural efficiency and readiness for detection of suspicious events and reaction

. Continuously improve the processes to strengthen the current SOC framework via review of policies and operational playbooks

Contributing Responsibilities

. Partner with the APAC Business CSIRT for integrated security monitoring and alert/incident handling operations.

. Contribute to local security incident response outside the direct scope of responsibilities (i.e., local IT production in some APAC business entities)

. Contribute to the Bank compliance with regulatory requirements and internal policies

. Contribute to the reporting of all incidents according to the Incident Management System

. Contribute to the control frameworks in day‐to‐day business activities, such as Control Plan Participate to Audit interview and provide the require evidence

Competencies(Technical / Behavioral)

Role Specific Technical Skills

. Requires a minimum of 7 or more years of experience as security professional

. Experience in security usecase design/development with understanding of Java language.

. Good working knowledge of Linux (RedHat/Ubuntu).

. Working knowledge to interpret security logs or instructions into threat models. SecOPS-DevOPS mindset & skills.

. Experience and knowledge in investigating incidents, remediation, tracking and follow-up for incident closure with concerned teams, stakeholders.

. Thorough understanding of technologies and security concepts, with knowledge & hands on experience in SIEM Product and Security Incident Management

. Experience on incident response activities(threat hunting, event analysis, incident investigation, reporting)

. Comfortable working with and making the most of large data sets (collection, analysis, response), creating content/usecases/models and bringing an automation mindset.

PersonalAttributes

. Strong problem-solving skills

. Good communication skills (English is MUST, French is added advantage)

. Positive attitude, willing to upskill and carryout in-depth troubleshooting

. Has the ability to work autonomously and think on feet, be-proactive.

. Good interpersonal skills and team player

. High energy level coupled with a desire to take on responsibility

. Able to multi-task & deliver within agreed deadlines.

Specific Qualifications

. Candidate MUST have 7 or more years of experience on overall cybersecurity incident response with 4+ years specifically on security usecase design, development, coding.

. Experience in SIEM on ELK(Elastic Logstash Kibana) stack is a plus

. Professional credentials in one of the relevant IT Security disciplines is a plus (SANS / CISSP / OSCP)

. Experience in common scripting languages such as Python, PowerShell, Bash, SQL is a plus