Computer Security Incident Response Expert

Singapore, Singapore

Job Description


Crédit Agricole CIB is the corporate and investment banking arm of Crédit Agricole Group, the 10th largest banking group worldwide in terms of balance sheet size (The Banker, July 2022).
8,600 employees in more than 30 countries across Europe, the Americas, Asia-Pacific, the Middle East and North Africa support the Bank's clients, meeting their financial needs throughout the world.
Crédit Agricole CIB offers its large corporate and institutional clients a range of products and services in capital market activities, investment banking, structured finance, commercial banking and international trade.
The Bank is a pioneer in the area of climate finance, and is currently a market leader in this segment with a complete offer for all its clients.

For more information, please visit www.ca-cib.com
Twitter: https://twitter.com/ca_cib
LinkedIn: https://www.linkedin.com/company/credit-agricole-cib/

By working every day in the interest of society, we are a group committed to diversity and inclusion. All our positions are open to people with disabilities.

Reference: 2024-89381
Publication date: 06/05/2024

Job description

Business type: Types of Jobs - IT, Digital and Data
Job title: Computer Security Incident Response Expert
Contract type: Permanent Contract

Job summary

Position
Computer Security Incident Response Team Expert (CSIRT Expert)

CSIRT Expert is a technical expert role within the Asia Information System Security (ISS) Team, Singapore, functionally aligned to the Group's ISS CSIRT team in Head Office, France.
The Asia ISS team oversees and supervises Information System Security related matters in the region, including cybersecurity monitoring (SOC), incident response (CSIRT) and responding proactively to each country's regulation.
The Asia ISS CSIRT oversees detection, control and reporting of cyber incidents when they occur and works closely with the IT Operations team to recover and restore the systems affected by a security incident.
In this role, the CSIRT Expert will be responsible for responding to and managing the end-to-end Security Incident Management Lifecycle: Incident Identification, Triage, Containment, Eradication, Recovery and Lessons Learnt. The person will be the technical point of contact to respond to and drive security incident response in the region.

Job Responsibilities
The Expert has a wide spectrum of responsibilities and will be responsible for the following activities (but not limited to) in day-to-day work:

  • Identifying and detecting Incidents and taking immediate action on security incidents including (and not limited to) DoS attacks, malware attacks, phishing attacks, web attacks;
  • End to end ownership in driving and leading Security Incident Response and Resolution activities;
  • Participate in and support forensic investigations as required to respond to Security Incidents;
  • Responding to Security Threats and Intelligence alerts and notifications from Group CERT, Regional Regulators and authorized Threat Intelligence groups, and ensuring appropriate preventive and detective actions are coordinated and deployed in liaison with IT Operations teams as per the defined approach and in a timely manner;
  • Owning end-to-end coordination, communications and deployment of action plans for Threat Advisories or lessons learnt from Security Incidents;
  • Prepare detailed Incident Post-mortem report and Executive Summary to document the Security Incident chronology, root cause, remediation and lesson learnt;
  • Creating and updating the incident response plan (IRP) and playbooks and ensuring periodical review of playbooks to ensure the relevancy of response actions in current context, including updated information of all stakeholders involved;
  • Collaborate with other Geo's CSIRT team members on security matters and act as a backup to manage security incidents and other security activities in scope as needed;
  • Periodic review of security measures of Networks (Switches, Routers, Firewall, IPS, etc.) and Systems (Win*, *NIX, etc.) in support of management of vulnerabilities;
  • Support and integrate with incident response, threat intelligence, and overall security strategy as needed;
  • Complete all mandatory trainings as required to attain and maintain competence;
Supplementary Information
  • Comply with all applicable legal, regulatory and internal Compliance requirements, including, but not limited to, the Compliance manual and Compliance policies and procedures as issued from time to time; Financial Security requirements, including, but not limited to, the prevention of Financial Crime and Fraud including reporting obligations to the Money Laundering Reporting Officer, zone wide.
  • Support and run the annual “table-top incidents” exercise with management.
  • Vulnerability management: Ensure the vulnerability remediation process is known, followed and at the expected level of performance.
  • In case of severe security incident (suspected or effective attack): Coordination of investigation, mitigation, and remediation operations in relation with IT operations and application teams, on an exceptional basis as they occur.

Position location
Geographical area: Asia, Singapore
City: Singapore

Candidate criteria
Minimal education level: Bachelor Degree / BSc Degree or equivalent
Academic qualification / Speciality: Bachelor and above in relevant discipline
Level of minimal experience: 6-10 years

Experience
Work Schedule
  • Work Hours: 8.45 a.m. to 6.30 p.m. (Monday to Friday) with a one-hour lunch break.
    • The CSIRT team globally follows a 'follow-the-sun' model and works on Critical incidents from other geographies during Asia business hours;
  • Additionally, the candidate may need to be involved in Crisis level Critical Security Incidents observed outside of Singapore working hours on an exceptional basis.

Required skills
Qualification Requirements
  • Bachelor's graduate or equivalent technical degree in Information Technology or Computer Science;
  • Must have minimum 10 years of experience in IT and 5-7 years of working experience in a cyber security incident response role managing Security Incidents and performing log analysis and forensic analysis for an enterprise level environment;
  • Working experience in a financial organisation is preferred;
  • Expertise in SIEM and SOC Processes;
  • Strong functional knowledge of enterprise level Security Detection and Prevention technologies, e.g. Firewalls, IPS/IDS, Network Packet Analysis and Endpoint log analysis, server log analysis, SIEMs, Vulnerability Scanning tools, Threat intel, Anti-Malware, Phishing Prevention and Endpoint Detection & Response (EDR); Scripting knowledge using Python, Perl, PowerShell;
  • Must have a strong understanding of different domains of IT Security, cyber kill chain, IOCs, and attack frameworks;
  • Ability to apply a risk-based approach while working on assigned responsibilities;
  • Excellent analytical and problem-solving skills, communication and documentation skills;
  • Ability to work independently and prioritise work, as well as work as part of a team with minimal supervision;
  • Demonstrate a strong sense of responsibility and initiative with excellent communication, interpersonal and time management skills;
  • Excellent written and oral English language skills;

Technical skills required
Professional Certifications:
  • Must have at least one of the certifications in regards to IR (Incident First Responder), e.g. GCIH, E|CIH

Crédit Agricole



Job Detail

  • Job Id
    JD1419989
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Singapore, Singapore
  • Education
    Not mentioned