Lead Security Architect Incident Response

Singapore, Singapore

Job Description

Lead Security Architect - Incident Response-36729


Profession Architecture


Work Location Asia Pacific-Singapore-Singapore


Schedule Full-time


Description

Lead Security Architect – Incident Response

As Lead Security Architect – Incident Response you will work on detecting and responding to new and emerging threats. Succeeding in this role requires an understanding of IT systems, as well as knowledge of how the underlying technologies interact.
Reporting to the Senior Lead Security Architect, you will be part of STORM, the Security Threat & Operational Risk Management team, which is responsible for proactively understanding and detecting threats to SITA, our customers and our industry, and for coordinating the actions that minimize the risk from these threats.

At SITA, we achieve more, together. Are you ready to join us?
What you will do:
Incident Response:
  • Respond, contain and remediate cyber attacks
  • Perform sophisticated digital forensic, host-based or network analysis during an investigation
  • Work closely with other teams to provide mitigation recommendations to reduce the overall security risk within the organization
  • Handle incidents until resolution
  • Report potential security incidents
  • Conduct research within the fields of Incident Response, Forensics and Threat Hunting to develop new strategies against threats

Triage:
  • Conduct preliminary incident triage according to the Security Incident Response Procedure
  • Determine and classify the severity of alerts; assess potential impacts of classification as defined in knowledge base
  • Validate triage conducted by Level 1 / 2 Analysts and automated tools

Forensics:
  • Perform forensic collection of endpoint or network evidence with forensically sound procedures, document evidence handling with chain-of-custody procedures, and conduct forensic investigations to industry standard methodologies
  • Perform advanced Threat Hunting for unknown cyber security events in order to find, identify and categorize advanced cyber threats

Monitoring:
  • Monitor automated tool outputs and conduct spot checks for accuracy
  • Analyze and respond to security events and incidents from monitoring technologies or escalated by Level 1 / 2 Analysts
  • Provide suggestions and feedback to improve the overall capabilities of the SOC team
  • Research trends in new security threats, technologies and regulations; advise and train team members to maintain awareness
  • Develop, build and integrate internal tools to augment and automate capabilities of the Global SOC to detect, respond and mitigate cyber security threats



Qualifications

Who you are:

5+ years of experience in at least three of the following:
  • Incident Response
  • Malware Analysis
  • Threat Intelligence
  • SIEM log monitoring and threat hunting (experience with security analytics solutions such as Splunk or the ELK stack is a plus)
  • Endpoint Detection and Response (EDR)
  • Strong understanding of evidence collection techniques, including forensic disk imaging and memory imaging
  • Strong understanding of triage and analysis techniques such as memory analysis, timeline establishment, artifact analysis, etc.
  • Good understanding of the attack 'kill chain' and the common tools, techniques and procedures (TTPs) used by various types of attacker (e.g. hacktivist, organized crime, advanced persistent threat, etc.)
  • Strong working knowledge of security-relevant data, including network protocols, ports and common services, such as TCP/IP network protocols and application layer protocols (e.g. HTTP/S, DNS, FTP, SMTP, Active Directory etc.)
  • Broad understanding of securing end point & perimeter systems
  • Good understanding of security compliance frameworks (e.g. ISO/IEC 27001, PCI DSS, etc.)

Education & Qualifications:
  • Degree in a technical discipline (e.g. Information Security, Computer Science, Engineering, Mathematics, etc.) or enough work experience to demonstrate proficiency at this level
  • Digital Forensic & Incident Response certification (e.g. GCFA) considered an advantage
  • Ability to initiate, coordinate and prioritize responsibilities and follow through on tasks to completion.


What we offer:
SITA's workplace is all about diversity: many different countries and cultures are represented in our workforce, and colleagues who've been working here for decades collaborate with those just out of college and early in their careers. SITA is a place of change and constant improvement, where we're always pushing ourselves to find better ways of doing things: smarter, quicker, easier, for us and our customers and for their customers too. And we offer all the good stuff you'd expect like holidays, bonus, flexible benefits, medical policy, pension plan and access to world class learning. Welcome to SITA
SITA is the world's leading specialist in air transport communications and information technology. We don't just connect the global aviation industry. We apply decades of experience and expertise to address almost every core business, operational, baggage, and passenger process in air transport.
We design, build, and support technology solutions all with one vision to create easy air travel every step of the way. As an organization, we cover 95% of all international air travel destinations and work with over 2,800 air transport and government customers in every corner of the globe. Are you ready to explore the opportunities?

Keywords: incident response, security architect, threat, threat hunting, threat management, risk management, digital forensic, investigation, security incidents, incident triage, forensic investigation

In case of issues with uploading your CV or accessing the application system, please contact us at careers@sita.aero


Job Posting Mar 3, 2023, 8:24:45 AM



Job Detail

  • Job Id
    JD1291179
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Singapore, Singapore
  • Education
    Not mentioned