Assistant Vice President - IT Security (Threat Hunting and Incident Response Analyst)
Carry out Threat Hunting, Threat intelligence and Incident Response functions to detect and respond to advanced cyber threats. The Job
Cyber Threat Hunting and Incident Response
- Formulate hypothesis based on anomalies and suspicions to develop hunts.
- Validate hypothesis and identify threat actor groups based on their techniques, tools and procedures.
- Detect, disrupt and eradicate threat actors from enterprise and networks.
- Actively develop hunts, translate them into an iterative process, and deploy them in Endpoint Detection and Response (EDR) solutions.
- React to EDR based alerts and perform forensic investigation.
- Develop and mature new and existing solutions for threat hunting detection capabilities.
- Keep abreast in the development and advancement in cybersecurity technology and the Cyber Threat Intelligence landscape.
- Work closely with SOC and other teams in CSIRT during incident response to contain and mitigate attacks.
Cyber Threat Intelligence
- Focus on the collection and analysis of information about current and potential attacks that threaten the safety of GEH and its assets.
- Applies sectoral and organisational (GEH) context to global, regional and local threat intelligence to identify potential cyber threats and determine levels of risk relevant to GEH.
- Perform sense making based on threat actor TTPs (Tactics, Techniques and Procedures), technical indicators of compromise, cyber-attack trends, on collected threat intelligence to identify potential attack campaigns and gather situational awareness to enrich cyber threat landscape for GEH.
- Proactively identify and provide threat insights to improve overall cybersecurity risk posture strategically.
- Performs operational threat assessment from threat intelligence received and collected.
- Takes accountability in considering business and regulatory compliance risks and takes appropriate steps to mitigate the risks.
- Maintains awareness of industry trends on regulatory compliance, emerging threats and technologies in order to understand the risk and better safeguard the company.
- Highlights any potential concerns /risks and proactively shares best risk management practices.