Apac Detection Engineering & Investigation Lead

Singapore, Singapore

Job Description


The team is looking for a cybersecurity expert/SME in Detection Engineering and Security Investigation, as part of the Production SOC and Security Investigation & Incident Response team.

Your role will be to:

1. Act as the reference point in a team of experts on Security Incident Response activities, Anti-Malware/Defense activities and Security Detection activities.

2. Oversee the detection capabilities of the 24/7 regional IT Production SOC, which handles the IT Production security alerts for the APAC region.

3. Contribute to the enhancement of SIEM and SOAR capabilities.

4. Strengthen the detection capabilities in APAC and be a member of the Global Use Case committee for worldwide alignment of the security use cases.

5. Participate in the global continuous improvement of the framework of tools and processes for Security Incident Management, Anti-Malware/Defense and Security Detection.

6. Collaborate with the APAC Business CSIRT, accountable for the Security Incident practice in APAC, to strengthen the extended security monitoring setup between Business Information Security and IT Production Security.

Direct Responsibilities

  • Lead technical activities (definition, R&D/threat hunting) in the team of IT Production Security Investigation & Incident Response and oversee the detection capabilities of the 24/7 regional IT Production SOC
  • Be responsible for the security monitoring and security incident response for the regional IT production
  • Partner with global, regional and local stakeholders to ensure organizational and procedural efficiency and readiness for the detection of suspicious events and the reaction to security incidents.
  • Continuously improve the processes to strengthen the current SOC framework via review of policies and operational playbooks
  • Steer the regional threat modeling, identification of threat vectors and development of related security monitoring capabilities
  • Participate in the Use Case Committee factory to improve the detection capabilities of the Bank
  • Report to global, regional and local stakeholders on the strategic and operational aspects of these activities
Contributing Responsibilities
  • Partner with the APAC Business CSIRT for integrated security monitoring and alert/incident handling operations.
  • Contribute to local security incident response outside the direct scope of responsibilities (i.e., local IT production in some APAC business entities)
  • Contribute to the Bank compliance with regulatory requirements and internal policies
  • Contribute to the reporting of all incidents according to the Incident Management System
  • Contribute to the control frameworks in day-to-day business activities, such as the Control Plan; participate in audit interviews and provide the required evidence
Competencies (Technical / Behavioral)
  • Requires a minimum of 8+ years of experience as a security professional
  • Excellent interpersonal and communication skills; ability to influence and motivate
  • Ability to handle high-pressure situations with key stakeholders, collaborating and communicating effectively and respectfully with both business-oriented executives and technology-oriented personnel in teams across the organization
  • Experience performing security monitoring and incident response activities in an advanced Security Operations Center (SOC) environment (log analysis, event analysis, incident investigation, reporting)
  • Experience and knowledge in investigating incidents, remediation, tracking and follow-up to incident closure with the concerned teams and stakeholders
  • Exhaustive technical knowledge and hands-on experience in several security domains
  • Thorough understanding of technologies and security concepts, with knowledge of and hands-on experience in SIEM products and Security Incident Management
  • Program and project management expertise
  • Taking initiative: be proactive and run decision-making processes autonomously
  • Client focus and results orientation: understand the business processes that IT and Security solutions support and work on their continuous enhancement
  • Strategic vision: ability to develop strategic targets and to build paths to achieve them
  • Communication skills: excellent communication and advocacy skills, both verbal and written, with the ability to express complex technical issues in an easily understood manner
  • Analytical skills: interpretation of complex situations and elaboration of adapted solutions in a proactive way
  • Rigor and accuracy: focus on robust deliverables for long-term achievements
  • Flexibility: capacity to adapt in a fast-paced changing environment
Specific Qualifications
  • Successful people management experience
  • Professional credentials in one of the relevant IT Security disciplines are a plus (CISSP / OSCP / SANS)
  • Experience in common scripting languages such as Python, PowerShell or Bash is a plus
  • Experience with SIEM on the ELK (Elasticsearch, Logstash, Kibana) stack is a plus

ITCAN


Job Detail

  • Job Id
    JD1372410
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Singapore, Singapore
  • Education
    Not mentioned