The Cybersecurity Engineer role encompasses data protection through threat detection, incident response, and scripting, keeping our patient data safe and secure.
Responsibilities:
- Round-the-clock surveillance of the Company's information assets using various cyber defence tools to monitor internal and external sources.
- Provide timely detection, identification and alerts of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activities.
- Use cyber defence tools for continuous monitoring and analysis of system activities to identify malicious activity.
- Analyse and respond to threats, software, and hardware vulnerabilities.
- Develop scripts and fine-tune SIEM rules and solutions to automate the triage and analysis process.
- Provide incident response (IR) support when required.
- Produce actionable cyber threat intel from various threat intelligence sources, both open and commercial.
- Actively hunt for indicators of compromise (IOCs) and threat actor groups and tactics, techniques, and procedures (TTPs) in the environment.
- Investigate and assess alerts from our diverse security tools (EDR, SIEM, etc.) to determine the scope, impact, and appropriate response to potential incidents.
- Take decisive action to contain and mitigate threats, following our incident response playbooks and processes.
- Serve as a key point of contact during security incidents, providing clear and timely updates to technical and non-technical stakeholders across the organization.
- Handle and respond to enquiries on Change Requests and Service Requests.
- Perform user and application on-boarding activities within PAM.
- Assist in incident handling, including joint troubleshooting with vendors and clients, applicable to both remote and onsite support.
- Stay abreast of emerging cybersecurity threats, vulnerabilities, and regulatory requirements.
- Assist in the interpretation of cybersecurity and technology-related legislation.
- Participate in cybersecurity exercises to ensure the continued relevance and efficacy of the organization's response capabilities.
- Document and review the components of cybersecurity operations to ensure potential risks are considered.
- Ensure that all areas of cybersecurity are reviewed and covered comprehensively.
- Able to work shifts; shift patterns may change according to business needs.
- Create and update device technical documentation to support system changes and configurations.
- Handle minor software upgrades, patches, and vulnerability fixes as released by vendors.
- Strong ability to interpret the information collected by network tools.
- Provide risk oversight and monitoring through independent reviews and objective assessments. This includes establishing monitoring processes.
- Collaborate with other departments and business units to ensure alignment on cybersecurity risk management practices.
Requirements:
- Degree or Diploma in Computer Science, Computer Engineering, or Information Security related fields.
- 2 years of experience working in a Security Operation Centre (SOC) or Computer Emergency Response Team (CERT/CIRT).
- A relevant industry certification (e.g., CISSP, CISM, CRISC) is highly desirable, and scripting capabilities (e.g., Python, Bash or PowerShell) are a plus.
- Working experience with OWASP Top 10, CVSS, MITRE ATT&CK framework, Cyber Kill Chain and DevSecOps strongly preferred.
- Good knowledge of different types of network communication (e.g., Local Area Network, Wide Area Network, Metropolitan Area Network, Wireless Wide Area Network, Wireless Local Area Network).
- Good knowledge of incident response and handling methodologies.
- Strong troubleshooting, analytical, and problem-solving skills.
- Good knowledge of backup policies, change management, and security patching processes.
- Team player with good communication, presentation, and interpersonal skills.
- Meticulous, self-motivated, and able to work under pressure.
Please note that only shortlisted candidates will be notified.