Senior Cyber Defence Analyst

Singapore, Singapore

Job Description


Location: Singapore, Singapore

Thales people architect solutions at the heart of the defence-security continuum. Interoperable and secure information and telecommunications systems for defence, security, and civil operators are based upon innovative use of radiocommunications, networks, and cybersecurity. We are breaking new ground in digital technologies such as 4G mobile communications, cryptography, cloud computing and big data for use in physical protection systems and critical information systems.

Thales established its presence in Singapore in 1973 to support the expansion of aerospace-related activities in the Asia-Pacific region. Throughout the last four decades, the company grew from strength to strength and is today involved in the primary businesses of Aerospace (including Air Traffic Management), Defence & Security, Ground Transportation and Digital Identity & Security. Thales today employs over 2,100 people in Singapore across all its business areas.

  • Proactively monitoring systems for malicious activity and intrusions using real time data and alerting from various data sources measured against agreed SLAs with our regional and global OT/IT customers.
  • Get your toolbox out and dive deep into systems to help us identify and eradicate attackers, use your network analysis skills to find evil on the wire.
  • Ensuring processes and operational documentation (e.g. automation and orchestration, incident response, playbooks, threat hunting) are maintained, fit for purpose and updated regularly to reflect changing business needs.
  • Implementing the processes based on updated operational documentation for cyber defence, in collaboration with our customers.
  • Analysing cybersecurity events and incidents to solve issues and improve incident handling procedures, playbooks and threat hunting process.
  • Consuming threat intelligence and determining attackers’ tactics, techniques, and procedures (TTPs) to drive defence.
  • Triaging and investigating notable events before elevating them to an incident and executing the incident response and threat hunting process.
  • Investigating and handling escalated events and incidents in collaboration with our customers and seeing them through to closure.
  • Tuning detection and monitoring tooling to provide high fidelity alerting worthy of further investigation and mitigating false positives.
  • Providing practical recommendations to our customers based on significant threats and vulnerabilities.
  • Creating thorough reports and documentation of all events, incidents and procedures, presenting findings to team and leadership on a routine basis.
  • Leading the integration and on-boarding for new customers. Assist with the technical architecture and installation of our solutions into their existing environment(s). Work with our customers to ensure overall goals and business requirements are properly met by the service.
  • Ensuring successful delivery and customer satisfaction while meeting SLOs (Service Level Objectives). Report service status and overall conditions back to our customers on a regular basis.
  • Acting as direct point-of-contact with our customers. Ensure that they are kept up-to-date on the latest status for their issues. Resolve any questions they may have, then correctly and efficiently escalate any issues beyond your direct capabilities.
  • Acting as Subject Matter Expert to provide insight and guidance to our customers engaging in prevention measures.
  • Keeping up to date with current cyber developments and trends, and maintaining your skills through continuous personal development and working collaboratively with colleagues, both internal and external to the team.
  • Write scripts for automations.
  • On-call may be required.
Skills
  • Demonstrable skills in consuming threat intelligence to aid the detection of potential cybersecurity events and incidents.
  • Demonstrable skills in using security analytics tooling to provide contextual data to allow for a thorough assessment of an event.
  • Demonstrable skills in using a SIEM solution and/or security analytics platform effectively to identify events that warrant further investigation.
  • Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
  • Ability to prioritise tasks according to the risk posed to our customers.
  • Ability to communicate effectively, in writing and verbally, and influence our customers in order to minimise cyber risk through effective monitoring, detection and, where necessary, mitigation.
  • Ability to document and explain technical details clearly and concisely.
  • Be fanatical about delighting our customers.
  • Excellent organisation, time management, and attention to detail.
  • Must be action-oriented and have a proactive approach to solving issues.
  • A willingness to be challenged and a strong desire to learn.
  • Come up with ways to do things faster, better and more effectively while maintaining a laser focus on quality.
  • Ability to work independently and as part of a team.
  • Ability to work under pressure.
Experience
  • Minimum of 5 years’ experience in a cyber defence environment.
  • Proven experience of implementing and managing security monitoring and response in a complex organisation.
  • Proven experience of working in an operational environment, such as SOC, CSIRT or CERT function.
  • Knowledge of the MITRE ATT&CK, Cyber Kill Chain and NIST frameworks and how these can be used to further improve security monitoring and detection.
  • Proven experience in determining how a security system should function and how changes in conditions, operations, or the environment will affect these outcomes.
  • Proven experience in consuming threat intelligence to drive defence.
  • Proven experience in leading the response to a cybersecurity event and incident.
  • Proven experience in developing and deploying signatures and correlation rules on a wide range of platforms.
  • Experience working on a mission critical operations team, preferably 24x7.
  • Experience with Linux and MS Windows operating systems.
  • Experience with Cloud environments.
  • Experience with DevOps technologies such as containers, Kubernetes, CI/CD pipelines, etc.
  • Experience in using scripting languages to automate tasks and manipulate data or programming experience is a plus.
  • Experience of mentoring junior analysts.
  • Exposure to OT systems and concepts would be looked upon highly favourably.
  • Knowledge of cybersecurity and information security controls best practice with supporting qualifications where possible – such as CISSP, CISM.
  • Knowledge of relevant legislation, government standards and industry best practices such as CIS, NIST framework, MITRE ATT&CK, ISO 27001, PCI DSS, GDPR, IEC 62443, etc.
  • Understanding of information security management concepts to support solutions and processes.
  • Deep understanding of log parsing & management, security orchestration and automation, incident response process, playbooks development and threat hunting process.
  • Knowledge of attack vectors, threat tactics and attack techniques.
  • Familiarity with network architecture and security infrastructure placement.
  • Technical knowledge of computer network and systems and necessary controls that can be used to prevent unauthorised access.
  • Deep understanding of cyber defence operations, best practices and processes.
  • Familiarity with cyber defence systems and security analytics tools.
  • A broad understanding of network and computer system architecture, operations and protocols.
  • Solid foundation in networking fundamentals, with deep understanding of TCP/IP and other core protocols.
  • Knowledge of network based services and client/server applications.
  • Understanding of operating systems including Linux/Unix, MacOS, MS Windows and command line tools.
  • Knowledge of cloud computing platforms such as AWS, Azure, GCP, etc.
At Thales we provide CAREERS and not only jobs. With Thales employing 80,000 employees in 68 countries our mobility policy enables thousands of employees each year to develop their careers at home and abroad, in their existing areas of expertise or by branching out into new fields. Together we believe that embracing flexibility is a smarter way of working. Great journeys start here, apply now!


Job Detail

  • Job Id
    JD991603
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Singapore, Singapore
  • Education
    Not mentioned