Insider Threat Analyst (SIEM, Splunk, EDR)

2-5 years
4500 - 6700 SGD monthly
6 days ago
Job Description

  • Conduct investigations by analyzing and verifying information through various investigative techniques, internal resources, forensics, and insider threat tools such as Data Loss Prevention, Endpoint Detection and Response, Network Traffic Analysis and deception technology, in order to detect malicious lateral movement and privilege escalation in on-prem and cloud environments.
  • Triage all Insider Threat alerts within SLA guidelines.
  • Collaborate with internal teams to drive insider threat program continuous improvement.
  • Assess and make recommendations for improvement and refinement of Use Cases, software tools, and other risk reduction methods used to improve the insider threat program.
  • Proven experience using analytical and data visualization tools to automate analysis, provide insights into large datasets, correlate findings with Splunk SIEM and other sources of information, and conduct investigative work into traffic anomalies against established historical baselines to identify the root cause of incidents, reported suspicious events, or red-teaming activities.
  • Stay current with the latest cyber threats, attacks and vulnerabilities, and keep up with evolving and emerging attack techniques and methods.
  • Participate in various Cybersecurity exercises such as Cyber Ranges and BCP.

Key Requirements:

  • Minimum of three (3) years of direct information security experience as an insider threat analyst, security engineer, or a similar role, preferably with insider threat management experience in a financial institution environment.
  • Hands-on experience with investigative and/or insider threat tools, such as UEBA, DLP, EDR, computer forensics, monitoring, Splunk SIEM, incident response, databases, or data visualization tools in on-prem and cloud environments.
  • Understanding and/or working knowledge of insider threats in dark and deep web underground forums.
  • Strong practical experience in cyber security: MITRE ATT&CK framework, cyber kill chain, TTPs, threat intelligence, malware triage.
  • Strong understanding of different attacks on systems, networks and applications.
  • Relevant industry certifications such as Splunk SIEM certification, CERT, CFE, CFCE, CISSP, GCIH, SANS, GIAC.
  • Strong analytical skills; self-motivated, detail-oriented and a team player.

Kelly Vu

EA Licence Number: 23C2060

Registration ID is R1109308

Disclaimer: The company is committed to ensuring the privacy and security of your information. By submitting this form, you consent to the collection, processing, and retention of the information you provide. The data collected (which may include your contact details, educational background, work experience and skills) will be used solely for the purpose of evaluating your qualifications for the position you're applying for. Your data will be stored securely and retained for the duration necessary to fulfill our hiring process. If you are not selected for the position, your data will be kept on file for a limited period in case future opportunities arise. You have the right to access, correct, or delete your data at any time by contacting us at Quess Singapore (quesscorp.sg).