Job Description

Who we areCredit Agricole Corporate and Investment Banking (Credit Agricole CIB) is the corporate and investment banking arm of Credit Agricole Group.Our Singapore center ("ISAP" or "Information Systems Asia Pacific") is the 2nd largest IT setup (after Paris Head Office) for Credit Agricole CIB's worldwide business. We work daily with international branches located in 30 markets by:

• Envisioning and preparing the Bank's futures information systems
• Partnering and supporting core banking flagships and transverse areas in their large scale development projects
• Providing premium In-house Banking applicationsThis unique positioning empowers us to bring our core banking business a sustainable competitive advantage on the market.We seek innovative and agile people sharing our mindset to support ambitious and forthcoming technological challenges.PositionComputer Security Incident Response Team Specialist (L2) (CSIRT Specialist)CSIRT Specialist is an individual member technical role within the Asia Information System Security (ISS) Team, reporting into IT Security Officer, Singapore and functionally aligned to Group's ISS CSIRT team in Head Office, France.ASIA ISS team oversees and supervise the Information System Security related matters in the region, including cybersecurity monitoring (SOC), incident response (CSIRT) and responding to each country's regulation proactively.The ASIA ISS CSIRT oversees detection, control and reporting of cyber incidents when it occurs and work closely with IT Operations team to recover and restore the systems that are affected by the security incident.In this role, CSIRT Specialist will be responsible for responding, managing and coordination of end to end Security Incident Management Lifecycle: Incident Identification, Triage, Containment, Eradication, Recovery and Lesson Learnt. Person will be technical point of contact to respond and drive the security incidents response in the region.Job ResponsibilitiesThe role has a wide spectrum of responsibilities and will be responsible for following activities (but not limited to) in day-to-day work: Identifying and detecting Incidents and taking immediate action on security incidents including (and not limited to) DoS attacks, malware attacks, phishing attacks, web attacks; End to end ownership in driving and coordinating Security Incident Response and Resolution activities; Responding to Security Threats and Intelligence alerts & notifications from Group CERT, Regional Regulators and authorized Threat Intelligence groups and ensuring appropriate preventive and detective actions are coordinated and deployed in liaison with IT Operations teams as per the defined approach and in timely manner; Owning end to end coordination, communications and deployment of action plans for Threat Advisories or lesson learnt from Security Incidents; Prepare detailed Incident Post-mortem report and Executive Summary to document the Security Incident chronology, root cause, remediation and lesson learnt; Creating and updating the incident response plan (IRP) and playbooks and ensuring periodical review of playbooks to ensure the relevancy of response actions in current context, including updated information of all stakeholders involved; Collaborate with other Geo's CSIRT team members on security matters and act as a backup to manage security incident and other security activities in scope as needed; Periodic review of security measures of Networks (Switches. Routers, Firewall, IPS, etc.) and Systems (Win*,*NIX, etc.) in support of management of vulnerabilities; Support and integrate with incident response, threat intelligence, and overall security strategy as needed; Complete all mandatory trainings as required to attain and maintain competence; Comply with all applicable legal, regulatory and internal Compliance requirements, including, but not limited to, the Compliance manual and Compliance policies and procedures as issued from time to time; Financial Security requirements, including, but not limited to, the prevention of Financial Crime and Fraud including reporting obligations to the Money Laundering Reporting Officer, zone wide. Support and run annual "table-top incidents" exercise with management. Vulnerability management: Ensure vulnerability remediation process is known followed and at the expected level of performance In case of severe security incident (suspected or effective attack): Coordination of investigation, mitigation, and remediation operation in relation with IT operation and application teams.Work Schedule Work Hours: 8.45a.m. to 6. 30p.m with one-hour lunch break Additionally, candidate may need to be involved if there are Critical/Crisis Security Incidents observed outside of Singapore working hours.Qualification Requirements Bachelors graduate or equivalent technical degree in Information Technology or Computer Science; with minimum 8 years of experience in IT and minimum 5 years the Cyber security field; Must have working experience of 1- 2 yearsin managing Security Incidents and in performing security incident response and investigations for an enterprise level environment; Working experience in financial organisation is preferred; Strong understanding of SIEM and SOC Processes; Strong functional knowledge of enterprise level Security Detection and Prevention technologies e.g. Firewalls, IPS/IDS, Network Packet Analysis and Endpoint log analysis, server log analysis, SIEMs, Vulnerability Scanning tools, Threat intel, Anti-Malware, Phishing Prevention and Endpoint Detection & Response (EDR); Scripting knowledge using Python, Perl, PowerShell; Must have strong understanding of different domains of IT Security cyber kill chain, IOCs, and attack frameworks Ability to apply risk based approach while working on assigned responsibilities; Excellent in analytical and problem-solving skills, communication and documentation skills; Ability to work independently andpriories work as well as a part of team with minimal supervision; Demonstrate Strong sense of responsibility and initiative with excellent communication and interpersonal skillstime management skills; Excellent written and oral English language skills; Professional Certifications: Should have at least one of the certifications in regards to Information Security e.g. CISSP, Comptia Security+, IR (Incident First Responder) e.g. GCIH, E | CIH