Cyber Security Senior Security Operations Analyst

Be among the first applicants.
Power MY Team Sdn Bhd
Kuala Lumpur
MYR 100,000 - 150,000
5 days ago
Job description

Cyber Security Senior Security Operations Analyst

Education, Training and Previous Experience:

  • Advanced working knowledge of Microsoft Defender security stack including Defender for Endpoint, Identity, Office and Cloud
  • Experience with Sentinel and be comfortable writing KQL
  • At least 5 years working in a SOC or Security Engineer role
  • Knowledge of MITRE ATT&CK framework
  • Experience working in an Agile / Sprint based delivery environment
  • A security mindset – always looking for the weaknesses in existing systems
  • Passion for cybersecurity: demonstrated engagement in security conferences, training and learning, and keeping knowledge up to date, is highly desirable
  • Training or certification from SANS, Antisyphon, BTL, LetsDefend, GIAC, BTL2, OSCP, Microsoft security certifications or similar credentials is desirable
  • Experience implementing security controls to manage and protect BYOD

Technical and Business Experience:

  • Knowledge and understanding of relevant legal and regulatory requirements, such as PII and PCI DSS.
  • Knowledge of common Cybersecurity frameworks such as CIS18, NIST Cybersecurity Framework or OWASP

Knowledge and Skills:

  • Excellent written and verbal communication skills in English and Mandarin, together with strong interpersonal and collaborative skills
  • Ability to work independently on defined tasks and can be relied upon to deliver high quality results
  • Demonstrable problem solving, analytical skills and attention to detail
  • Ability to define problems, collect data, establish facts, carry out logical analysis, and draw valid conclusions.
  • Business and solution-oriented, global mindset of strategic orientation, with ability to act tactically as required.
  • Great interpersonal skills
  • Lifelong learner with endless curiosity

Responsibilities:

  • Design and Implement Security Controls: Develop and deploy technical security controls to protect infrastructure, applications, and sensitive data including network firewalls, intrusion prevention systems, web security and data loss prevention tools.
  • Manage, maintain, troubleshoot and tune the Microsoft Defender XDR security stack including endpoints, email, cloud and identity services.
  • Support system/infrastructure hardening and ensure that all systems and processes adhere to industry security standards and best practices.
  • Implement controls to protect BYOD devices.

Monitor and Defend Infrastructure:

  • Work with the client’s Managed Security Services Provider to monitor the client’s systems across public cloud, schools and offices for security incidents, anomalies and poor cyber hygiene events.
  • Research ideas for and create new detection use cases to identify emerging attacks.
  • Respond to security incidents in a timely and effective manner.
  • Run purple teaming activities to ensure quality of detections.
  • Plan and conduct threat hunting activities.
  • Lead and participate in incident response activities, including detection, analysis, containment, and remediation of security events.
  • Create and update security incident response runbooks.
  • Support security incident response tabletop exercises.
  • Provide on-call services during off hours and weekends.

Vulnerability Management:

  • Identify and remediate security vulnerabilities within the environment by conducting vulnerability assessments, analysing scan results, coordinating patch management and configuration changes.

Threat Intelligence and SIEM Management:

  • Monitor security news for threats and vulnerabilities that would impact the client’s systems and network.
  • Utilize threat intelligence to enhance detection and prevention capabilities.
  • Manage, tune, and maintain the organization's SIEM system to provide actionable insights.
  • Cost management of SIEM including filtering out unnecessary log sources & events.

Automation:

  • Identify opportunities to automate security tasks and processes to increase operational efficiency and reduce response times.

Collaboration and Support:

  • Work with cross-functional teams, including School & Regional IT, Service Desk, Operations & Infrastructure to support security requirements for ongoing projects and business operations.
  • Provide SecOps KPIs, OKRs and other security metrics to support scheduled and ad hoc reporting activities.
  • Provide security consulting services to internal stakeholders.
  • Monitor and handle the Cybersecurity ticket queue.
  • Take ownership of additional duties as required.

Company Information

Registration No. 201001041534 (925462-T)
