Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia
Incident Response Manager - CSIRT
Department / Functional Area: Group Information Security (GIS)
Reports to: Senior Manager, Cyber Threat Management & CSIRT, Group Information Security
Geographical Responsibilities: Global
Position Objective: The candidate will be part of the GIS Cybersecurity team, functioning as a member of the Cyber Security Incident Response and Monitoring Team (CSIRT). The candidate will be required to ensure that all threats/risks that impact, or could potentially impact, the organization's environment are responded to, managed and handled in a timely and complete manner.
Roles and Responsibilities:
- Lead Incident Response (IR) engagements and guide local business units through a variety of incidents (e.g., breaches, malware/virus outbreaks, security incidents, and forensic investigations).
- Support service providers performing Cyber Security monitoring, enhancing their monitoring and triage investigation capabilities prior to escalation.
- Leverage the detection and response solutions in place to further assess any escalated potential incidents.
- Manage and coordinate the escalation of potential incidents for investigation, together with any required internal or external stakeholders.
- Communication and coordination of Cyber Security Incident response actions with Business Units.
- Management of Cyber Security Incidents for the Group, within SLA.
- Partnering with key service providers to support security investigations.
- Analysis of Cyber Security threat intelligence, ensuring that the Group's prevention, detection and response capabilities are maximized against new threats.
- In-depth analysis of malware or other potential malicious processes or software identified in the organization.
- Coordination of Cyber Security testing activities and providing advice on remediation.
- Develop, document, and maintain SOPs and knowledge base for cyber security services including incident response, intelligence analysis, evidence acquisition, forensics recovery, and others.
- Continuous knowledge improvement in tools and best practices in Cyber Security threat monitoring and incident response.
- Prepare, write, and present reports and briefings.
Financial and Non-Financial Measures:
The role would not be required to deal with any financial measures. Timeliness and punctuality at work and in delivery are expected.
Communication Requirements:
Excellent verbal and written communication skills, fluent in English. Should have strong interpersonal skills.
Minimum Job Requirements:
- Degree in Computer Science or related discipline.
- 5+ years' experience in a hands-on technical role in Cyber Security Monitoring and Incident Response (SOC & IR).
- Ability to learn and apply Containment, Mitigation, and Remediation concepts based on TTPs.
- Good experience and knowledge of cybersecurity incident response, ethical hacking, forensic analysis and SIEM solutions.
- Adequate experience in handling Phishing, DLP, Malware, Web & network attack incidents and understanding of remediation methods for specific incidents.
- Experience conducting log and activity review, along with stream or packet capture, in support of intrusion analysis.
- Ability to handle stressful situations and think on one's feet, with strong decision-making skills.
- Excellent written and verbal communication skills and the ability to escalate to management in a timely manner. Experienced in managing and coordinating multicultural virtual teams.
- Desirable technical certifications: EC-Council Computer Hacking Forensic Investigator (CHFI), GIAC Certified Incident Handler (GCIH), GIAC Reverse Engineering Malware (GREM), GIAC Certified Forensic Analyst (GCFA).