Senior Threat & Vulnerability Analyst

Singapore, Singapore

Job Description


It’s Time

Allen & Overy is a leading global law firm operating in over thirty countries. By turning our insight, technology and talent into ground-breaking solutions, we’ve earned a place at the forefront of our industry. Our lawyers are leaders in their field – and the same goes for our support teams. Ambitious, driven and open to fresh perspectives, we find innovative new ways to deliver our services and maintain our reputation for excellence in all that we do. The nature of law is changing, and that change brings unique opportunities. With our collaborative working culture, flexibility, and a commitment to your progress, we build rewarding careers. By joining our global team, you are supported by colleagues from around the world. If you’re ready for a new challenge, it’s time to seize the opportunity.

Department purpose

The Global Information Security & IT Risk team is responsible for setting the firm-wide strategy for Information Security and for changing, managing and maintaining controls to ensure continuous alignment with the strategy. The team must deliver and support robust, reliable cyber and information security controls 24x7x365 on a global basis. The Information Security & IT Risk team is responsible for primary controls assurance, client compliance and security requirements, and controls definition. In addition, the team is responsible for tracking obvious and far less obvious threats and vulnerabilities to ensure that protection of client data and the firm’s digital services, information and data remains robust even as the threat environment constantly evolves.

Role purpose

The Senior Threat and Vulnerability Analyst (Singapore) is a key member of the Global Information Security Operations team. The job is focused on six outcomes:

  • Expand the scope of IT assets addressed by the operational vulnerability management process to meet the vision and requirements of the IT Vulnerability Management Standard. Further, together with the Snr Threat & Vulnerability Analyst (New York), own the primary vulnerability analysis tool (Qualys) and ensure it is maintained, operationally effective and provisioned into new operating environments (for example new cloud VMs) before those environments go live.
  • Lift the quality of documented InfoSec risk and threat analysis such that there is a clear description of the potential technical and business impact associated with the issues within the monthly vulnerability reporting pack, vulnerabilities in general and/or the solutions under assessment. Provide input into the vulnerability and threat register and be able to justify vulnerability and threat characterisations when challenged, especially during the monthly vulnerability reporting cycle.
  • Strengthen the dexterity of security logging and monitoring. Working with the security logging and SIEM Snr Analyst in Belfast, ensure that a) application as well as general infrastructure telemetry is logged and b) security monitoring rules are iteratively built and tested which identify anomalous application as well as general IT infrastructure behaviour.
  • Find back doors and misdirect attackers. Adopt a “think like a hacker” mind-set, look for open services (for example network APIs) and ensure that those services are only available to legitimate digital service consumers. Misdirect attackers by leading the deployment, maintenance and monitoring of cyber honeypots. Adopt and actively use the MITRE and STRIDE frameworks and their lexicon, and promote the use of the frameworks in InfoSec globally and in IT.
  • Build reliable, consistent primary vulnerability data. Firstly, take a leading role in collaborating across IT Service and InfoSec to draft the monthly top 15 vulnerability pack. Secondly, maintain the vulnerability and threat registers in the firm. Thirdly, collaborate closely with the Security Operations Manager (Belfast) and the Snr Mngr Security and Data Compliance (Belfast) to ensure vulnerability and threat information is shared quickly and efficiently. Fourthly, attend weekly vulnerability working group meetings with IT Service to ensure service patching teams are leveraging the best quality vulnerability intelligence.
  • Globalise the InfoSec incident response process by a) Monitoring the main InfoSec mailbox and ticket queue during local business hours b) Initiating and managing the InfoSec incident response process when a suspect incident occurs in local business hours c) Collaborating with InfoSec colleagues in Europe and North America to ensure that priority tasks and issues are handed over before close of local business operations.
Key relationships
  • Works closely with the Senior Manager Security & Data Compliance (Belfast) who is the global leader of security operations.
  • Works alongside the Senior Threat and Vulnerability Analyst (New York) and the Manager Security Operations (Belfast), sharing vulnerability and threat intelligence.
  • Maintain a close working relationship with the IT Service patching teams globally.
  • Maintain a relationship with the CISO.
Job description
Role and responsibilities
  • Expand the scope of IT assets addressed by the operational vulnerability management process in order that scanning and analysis is performed for all digital services.
  • Provide InfoSec risk and threat analysis and be able to justify vulnerability and threat characterisations when challenged.
  • Strengthen the dexterity of security logging and monitoring such that logging and monitoring enables insight into application behaviour as well as general IT infrastructure.
  • Find back doors and misdirect attackers by taking a view of vulnerability over and above the output of vulnerability scanners and pen test tools and by managing, maintaining and monitoring cyber honeypots.
  • Act as a leader promoting the adoption and use of the MITRE and STRIDE frameworks across the global Security Operations team.
Team
  • Security operations staff (Singapore) (3 currently) of which some supervision would be required.
Key requirements
  • Demonstrate significant experience of IT security and IT infrastructure security, security vulnerability management and cyber incident response.
  • Be educated to at least degree level ideally in Computing Science or Information Security or Cyber Security.
  • Be familiar with log analysis / data analysis tools like ELK and be able to leverage such tools to accelerate the analysis of a suspect security incident.
  • Demonstrate energy and tenacity and the ability to deliver threat and vulnerability analysis in time-critical and sometimes demanding situations.
  • Have an implicit sense of placing technology and data risk in a business context by pro-actively developing a sound understanding of how the business harnesses data and technology as well as the forensics of cyber security.
  • Be able to communicate well visually (through slides and pictures).
  • Be able to work with a small technical team and provide supervision when required.


Job Detail

  • Job Id
    JD1114989
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Singapore, Singapore
  • Education
    Not mentioned