Job Description

• Monitor third party security feeds, forums, and mailing lists to gather information related to the client through automated means
• Produce intelligence outputs to provide an accurate depiction of the current threat landscape and associated risk through the use of customer, community, and open source reporting
• Produce actionable intelligence information for delivery to colleagues and customers in the form of technical reports, briefings, and data feeds
• Review vulnerabilities advisories
• Review and process threat intelligence reports
• Perform detailed investigative works into all traffic anomalies against established, historical baselines of individual agencies. Reviewing and profiling the events of all monitored clients
• Assess each event based on factual information and wider contextual information available
• Review, propose and generate reports to automate or reduce low value event escalations
• Build rules and intelligence to detect such threats and proliferate to all monitored networks. Implementing and devising detection method of such threats in our security operations through SIEM Rules, DB scripts etc.
• Perform periodic analysis of security events, network traffic, and logs to engineer new detection methods, or create efficiencies when available
• Supports the development of tactics, techniques, and procedures in providing proactive threat hunting and analysis against the available information sources (e.g. Netflow, DNS and Firewall logs, etc.)
• Assist the Security Analysts with the investigative works
• Prepare training programme for Security Analyst and conduct knowledge sharing sessions for Security Analyst
• Fulfil Change Requests, Service Requests and respond to internal / external enquiries with regards to detection Use Case
• Any other tasks as assigned

• Degree holder with at least 5 years' of experience in related field and capacity
• Prior experience working in a Security Operations Centre (SOC) or Computer Emergency Response Team (CERT/CIRT).
• Possessed deep interest in open source research and critical thinking / contextual analysis abilities
• Investigative and analytical problem solving skills
• An understanding of the current vulnerabilities, response, and mitigation strategies used in cyber security;
• Related professional cyber security certification, such as GCIA, CEH, will be preferred.
• Experience with intelligence analysis processes, including Open Source Intelligence (OSINT) and closed source intelligence gathering, source verification, data fusion, link analysis, and threat actor.
• Ability to research and characterize security threats to include identification and classification of threat indicators