Qualifications Required
Graduate
Experience Required
0 - 1 years
Description
Executive, Digital Forensics & Incident Response
Responsibilities:
- Develop and maintain honeypots and supporting infrastructure and be SME on honeypots and honeypot infrastructure
- Develop and maintain threat analysis lab virtual machines, cyber ranges and supporting infrastructure and be SME on lab machines and supporting infrastructure
- Develop and maintain open source or in-house tools, scripts, automation and systems as needed to support threat intelligence and incident response tasks
- Conduct ad hoc and periodic compromise assessments of Maybank networks and systems and report on findings
- Support the Security Operations Center in validating daily security alerts by investigating the malicious artefacts and binaries when additional coverage is needed
- Conduct threat hunting on Maybank systems and networks to identify undetected activities and breaches, while also creating proactive and reactive rules to alert IT Security on potential threats.
- Analyse code (binaries, scripts, web scripts) and malspam emails to determine malicious intent
- Analyse artefacts and logs to determine malicious intent and/or scope of incident
- Report and document results of analysis and recommend follow up actions, remediation and security control gaps to IT Security, application owners and other stakeholders
- Create rules to detect adversary TTP on Maybank systems and network
- Evaluate, implement, and fine-tune Endpoint Detection and Response (EDR) and other detective solutions to improve threat detection and response times
- Conduct a clean-up of Indicators of Compromise (IOCs) by identifying and removing duplicates to optimize threat detection and response processes
- Work closely with other teams: with IT Security Engineers on improving detection and blocking and reducing false positives, and with the threat intelligence team to ensure real-time threat data is integrated into detection systems and incident response procedures.
- Utilize scripting/programming skills such as Python, YARA, etc. to automate repetitive incident response tasks such as data extraction and to improve overall efficiency
- Configuring risk based alerts and defining response playbooks
- Executing threat hunting assignments and providing update reports with recommendations for security improvement
- Representing the IR team in cyber drill exercises.
- Being present for incident response whenever required.
- Mentor IR and SOC analysts on improving digital forensics & incident response (DFIR) analysis.
- Working closely with the SOC and SIEM engineers to recommend solutions for threat activity logging gaps and for reducing false alarms.
- Reviewing and improving CSIRT Incident management processes continuously.
- Playing the role of acting Incident Response manager/lead, in his/her absence.
Requirements:
- Bachelor’s Degree in Computer Science or Information Technology majoring in Cybersecurity, Networking or any related field
- Certifications an advantage: SANS GIAC Certified Incident Handler / SANS GIAC Reverse Engineering Malware / Certified Ethical Hacker (CEH) / CompTIA CySA+
- Job experience in DFIR an advantage
Required Skills
- SANS GIAC Certified Incident Handler
- CompTIA CySA+
- DFIR
- English
- Malay
*GoKardz is recruiting on behalf of our client in the Banking sector. Powered by our cutting-edge digital identity platform, this opportunity is part of our platform-driven services that streamline and optimise talent acquisition for leading companies.