L3 Digital Forensic & Incident Response | IT Security, Group Technology & Digital
Maybank WP. Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia
Responsibilities :
- Develop and maintain honeypots and supporting infrastructure and be SME on honeypots and honeypot infrastructure
- Develop and maintain threat analysis lab virtual machines, cyber ranges and supporting infrastructure and be SME on lab machines and supporting infrastructure
- Develop and maintain open source or in-house tools, scripts, automation and systems as needed to support threat intelligence and incident response tasks
- Develop and maintain SIEM queries, dashboards, reports, and alerts customized to security operations and threat detection use cases.
- Conduct ad hoc and periodic compromise assessments of Maybank networks and systems and report on findings
- Support the Security Operations Center in validating daily security alerts by investigating the malicious artefacts and binaries when additional coverage is needed
- Conduct threat hunting on Maybank systems and networks to identify undetected activities and breaches, while also creating proactive and reactive rules to alert IT Security on potential threats.
- Analyse code (binaries, scripts, web scripts) and malspam emails to determine malicious intent
- Analyse artefacts and logs to determine malicious intent and / or scope of incident
- Report and document results of analysis and recommend follow up actions, remediation and security control gaps to IT Security, application owners and other stakeholders
- Create rules to detect adversary TTP on Maybank systems and network
- Evaluate, implement, and fine-tune Endpoint Detection and Response (EDR) and other detective solutions to improve threat detection and response times
- Conduct a clean-up of Indicators of Compromise (IOCs) by identifying and removing duplicates to optimize threat detection and response processes
- Work closely with other teams: with IT Security Engineers on improving detection and blocking and reducing false positives, and with the threat intelligence team to ensure real-time threat data is integrated into detection systems and incident response procedures.
- Use scripting / programming skills such as Python, YARA etc. to automate repetitive incident response tasks such as data extraction and to improve overall efficiency
- Configuring risk based alerts and defining response playbooks
- Executing threat hunting assignments and providing update reports with recommendations for security improvement
- Representing the IR team in cyber drill exercises.
- Being available for incident response whenever required.
- Mentor IR and SOC analysts on improving digital forensics & incident response (DFIR) analysis.
- Working closely with the SOC and SIEM engineers to recommend solutions for threat activity logging gaps and reduction of false alarms.
- Reviewing and improving CSIRT Incident management processes continuously.
- Playing the role of acting Incident Response manager / lead, in his / her absence.
Job Requirements :
- Bachelor's Degree in Computer Science or Information Technology majoring in Cybersecurity, Networking or any related field
- Certifications an advantage: SANS GIAC Certified Incident Handler / SANS GIAC Reverse Engineering Malware / Certified Ethical Hacker (CEH) / CompTIA CySA+
- Job experience in DFIR an advantage