L3 Digital Forensic & Incident Response I IT Security, Group Technology & Digital


Maybank, Kuala Lumpur, Malaysia
7 hours ago
Job description


Maybank, WP. Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia

Responsibilities:

- Develop and maintain honeypots and supporting infrastructure, and be the SME on honeypots and honeypot infrastructure
- Develop and maintain threat analysis lab virtual machines, cyber ranges and supporting infrastructure, and be the SME on lab machines and supporting infrastructure
- Develop and maintain open source or in-house tools, scripts, automation and systems as needed to support threat intelligence and incident response tasks
- Develop and maintain SIEM queries, dashboards, reports and alerts customized to security operations and threat detection use cases
- Conduct ad hoc and periodic compromise assessments of Maybank networks and systems and report on findings
- Support the Security Operations Center in validating daily security alerts by investigating malicious artefacts and binaries when additional coverage is needed
- Conduct threat hunting on Maybank systems and networks to identify undetected activities and breaches, while also creating proactive and reactive rules to alert IT Security on potential threats
- Analyse code (binaries, scripts, web scripts) and malspam emails to determine malicious intent
- Analyse artefacts and logs to determine malicious intent and / or the scope of an incident
- Report and document results of analysis and recommend follow-up actions, remediation and security control gaps to IT Security, application owners and other stakeholders
- Create rules to detect adversary TTPs on Maybank systems and networks
- Evaluate, implement and fine-tune Endpoint Detection and Response (EDR) and other detective solutions to improve threat detection and response times
- Conduct a clean-up of Indicators of Compromise (IOCs) by identifying and removing duplicates to optimize threat detection and response processes
- Work closely with other teams, including IT Security Engineers on improving detection / blocking and reducing false positives, and the threat intelligence team to ensure real-time threat data is integrated into detection systems and incident response procedures
- Utilize scripting / programming skills such as Python, YARA etc. to automate repetitive incident response tasks such as data extraction, improving overall efficiency
- Configure risk-based alerts and define response playbooks
- Execute threat hunting assignments and provide update reports with recommendations for security improvement
- Represent the IR team in cyber drill exercises
- Be present whenever required for incident response
- Mentor IR and SOC analysts on improving digital forensics & incident response (DFIR) analysis
- Work closely with the SOC and SIEM engineers to recommend solutions for threat activity logging gaps and reduction of false alarms
- Review and improve CSIRT incident management processes continuously
- Act as Incident Response manager / lead in his / her absence

Job Requirements:

- Bachelor's Degree in Computer Science or Information Technology majoring in Cybersecurity, Networking or any related field
- Certifications an advantage: SANS GIAC Certified Incident Handler / SANS GIAC Reverse Engineering Malware / Certified Ethical Hacker (CEH) / CompTIA CySA+
- Job experience in DFIR an advantage
