CLIENT is an international, multi-skilled solution provider of digital enablement services that help customers harness digital technology and innovative services to deliver powerful business outcomes.
Our customers span industries and geographical regions, and our focus is to engage with the dynamics of our customers' vertical markets, including financial services, TMT (telecommunications, media and technology), education, healthcare, retail, government, manufacturing and professional services, and to apply the skills of our 6,500 employees in modernising key digital pillars: data centre and cloud services, security and network infrastructure, workspace communications and collaboration, data and information strategies, and IT operations modernisation.
We are the advocates for our customers for some of the world’s leading technology companies including Cisco, HPE, IBM, CA Technologies, NetApp, Microsoft, Oracle, VMware and ServiceNow.
Senior Security Analyst, Security Operation Center (SOC)
The role is part of our regional SOC team, tasked with delivering Managed Security Services (MSS) and helping customers achieve their business goals and objectives by re-imagining cybersecurity as a business enabler. The role reports to the SOC vertical based in Singapore.
This is a great opportunity to apply your past experience in building a world-class SOC and to address the cybersecurity challenges of organisations in the region. It provides exposure to a wide variety of security technologies and gives the candidate the opportunity to pioneer SOC development and build new MSS offerings.
1.0 Job Responsibilities:
- Work in 24x7 shifts to handle security incidents and provide level two (L2) support during analysis and investigation to identify the root cause.
- Escalate critical incidents to the CSIRT team for further analysis and investigation, and demonstrate excellent collaboration skills to achieve timely resolution and minimize impact to customers.
- Provide detailed remediation recommendations to customers for incidents within agreed SLAs and, if required, assist them during remediation implementation.
- Go the extra mile to proactively build threat detection use cases, minimize incident noise, develop correlation logic and enable junior regional analysts to focus on critical incidents.
- Review third-party threat intel feeds and integrate them into MSS platforms to provide value to our customers.
- Prepare SOC monthly reports, including customisation based on business requirements, and present them to customers during monthly meetings, highlighting risks and mitigation plans.
- Lead new deployments by working closely with the customer, regional onsite teams and relevant stakeholders during the build phase, and take end-to-end responsibility for a smooth go-live.
- Identify gaps in existing SOC processes and work with team members or other departments to create or modify standard operating procedures and to automate mundane daily operational activities, ensuring operations run efficiently.
- Enable regional security analysts to deliver seamless L1 support locally by developing SOC playbooks and a relevant, sufficient knowledge base.
- If required, assist the sales team in pitching MSS offerings, drive proof-of-concepts and demo MSS services at technology events to show the value of the service offerings to prospective customers.
- Lead and manage junior analysts in handling incidents, day-to-day operations, SLA requirements and requests.
2.0 Required Qualifications:
- Candidates should have at least 8 years of experience working in SOC and MSS environments, with a Bachelor's degree in Computer Science, IT or Information Security.
- Excellent hands-on experience in implementing, and analysing incidents with, IBM QRadar and AlienVault SIEM technologies, and should hold the relevant vendor certifications.
- Hands-on experience with any Endpoint Protection (EPP) or Endpoint Detection and Response (EDR) technology; CrowdStrike or Cisco AMP for Endpoints preferred.
- Hands-on experience with email security solutions; Cisco email security solutions preferred.
- Exposure to firewall technologies such as Cisco, Palo Alto, Checkpoint, Fortinet.
- Good understanding of Windows and Linux environments, well versed in basic Linux commands and troubleshooting, with proven Unix (Solaris, Linux, BSD) experience.
- Knowledge of a shell scripting language and the ability to apply it to automate mundane operational tasks.
- Candidates should hold at least one SANS certification; GCIH preferred.
- Good understanding of basic network concepts; exposure to cloud technologies is an advantage.
- Lateral thinking combined with excellent troubleshooting skills, preferably with experience following ITIL standards.
- Excellent soft skills in English; the ability to speak Mandarin is an advantage.
- Hands-on experience in performing vulnerability assessments and presenting findings to business teams is an advantage.
- Experience in penetration testing and report drafting
- Experience in Forensics and Incident Response
- Experience leading a team of security analysts, developing SOC standard operating procedures and developing threat intel feeds.
- Experience with security standards such as ISO 27001:2013, NIST and CIS.
This is by no means an exhaustive list of responsibilities. It is anticipated that this role may evolve and that further responsibilities may be added to the current job description.