Security Incident Response Expert
AXA
Puchong
MYR 100,000 - 150,000
Job description
To support our business strategy and digital transformation, AXA is enlarging its Cyber Defense team to ensure a coordinated response to the increasing cyber security threat, enable risk decisions to be made consistently across the organization and establish sustainable security capabilities that are integrated with the business. Our vision for Cyber Security is to protect our stakeholders by securing our information assets, managing our cyber risk and enabling business strategies in an efficient and effective way, fully supported by executive leadership and underpinned by all AXA employees.
Job Purpose
- Digital Forensics and Incident Response (DFIR) activities including assessment, analysis, categorization, classification, and investigation of cybersecurity incidents.
- Manage cybersecurity incidents to ensure timely containment and risk mitigation engaging with operational teams and leadership as required and according to Security Incident Management Processes.
- Handle potential high severity incidents autonomously during non-working hours (on rotational on-call basis).
- Collect, document and analyze evidence as part of the digital forensics capability of Cyber Defense and AXA CERT.
- Follow-up security incidents resolution and track updates in ticketing tool.
- Notify and communicate to relevant stakeholders including Group and entity CISO/CSO’s.
- Support SOC Security Analysts and an international network of local security incident handlers from AXA entities.
- Perform lessons learned activities, e.g. security incident reviews, post mortem documentation. Contribute to the improvement of the DFIR capability including development and integration of open source and commercial tools in a dedicated forensic lab.
- Contribute to threat hunting activity proactively and in the context of high severity incidents.
- Participate in use case development and SIEM rules threshold tuning.
- Act as a mentor to more junior Security Incident Response Specialists, support and supervise them, ensure knowledge transfer within the team.
- Professional communications and reporting to SOC stakeholders and customers.
- Participate in exchanges with national and international CERT/CSIRT communities.
Responsibilities
- Security Incident Response Expert according to Security Incident Management Processes.
- Security Incident Reports and Lessons Learned.
- Communication to stakeholders.
- Security Incident Response documentation.
- Collect and document data from a variety of sources to assist incident response actions.
- Coordination with other teams for effective incident response.
- Mentor and guide the more junior Incident, Forensics & Threat Intelligence Manager.
- Coordinate complex security incident response that require deeper background knowledge.
- Provide leadership, guidance and deep technical expertise to deliver a professional services to customers.
- Continually maintain and improve technical capabilities through individual development activities.
Profile and Qualifications
Education
- Bachelor degree in Computer Science or Information Security would be desirable but is not essential
Certifications
- GIAC GCIH (SANS SEC504), GIAC GCFA (SANS FOR508)
- Strongly preferred: GIAC GDAT (SANS SEC599), GIAC GNFA (SANS FOR572), GIAC GCFE (SANS FOR408), GIAC GCIA (SANS SEC503), GIAC GREM (SANS FOR610)
- Preferred: Security infrastructure certifications
- Preferred: ITIL foundation
- Preferred: Offensive security certification (OSCP, SEC560, CEH)
Overall work experience in the field
- Demonstrated experience in performing Information security incident analysis and response > 4 years
- Demonstrated experience in SOC/CSIRT > 3 years
- Demonstrated experience in network / security infrastructure administration > 2 years
- Demonstrated experience Linux/Windows administration > 1 years
- Demonstrated experience in large and complex organisation(s) > 3 years
- Demonstrated experience in usage of ticketing tools
- Demonstrated on-the-job experience with any of the standard commercial SIEM tools
Technical skills
- Ability to identify risks, threats, vulnerabilities and associated attacks that might involve: malicious code, protocol/design/configuration flaws…
- Strong troubleshooting and analytical skills
- Understanding the Internet and detailed knowledge of network protocols (Ethernet, 802.11.X, IP, ICMP, TCP, UDP…)
- Knowledge of application/services related protocols (DNS, SMTP, HTTP, FTP…)
- Knowledge of network infrastructure elements and architecture (Firewall, Proxy, IPS, WAF…)
- Knowledge of current security vulnerabilities and related attack methodologies
- Detailed knowledge of packet capture analysis and usage of associated tools
- Detailed knowledge of log management (Syslog, CEF, debug levels, parsing…)
- Knowledge of encryption algorithms, digital signature mechanisms and PKI
- Knowledge of scripting, character manipulation and regular expressions
'/%3e%3cpath%20d='M101.744%2012.4726L102.894%2016.1947L99.0021%2013.2201L101.744%2012.4726ZM105.3%208.40937H100.488L99.0026%203.59473L97.5116%208.41047L92.7%208.40385L96.5965%2011.3834L95.1055%2016.1942L99.0021%2013.2196L101.408%2011.3834L105.3%208.40992V8.40937Z'%20fill='white'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_5593_1381'%20x1='90'%20y1='9.44471'%20x2='99'%20y2='9.44471'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%2300AD70'/%3e%3cstop%20offset='0.998594'%20stop-color='%2300B67A'/%3e%3cstop%20offset='1'%20stop-color='%23DCDCE6'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e){kind=small}
Land a better
job faster
job faster
