- Permanent, Full time
- OCBC Bank
Cyber Defence Analyst
The Cyber Defence Analyst analyses collected information to identify weaknesses and potential exploitation by cyber threats. Using this information, the analyst recommends preventive measures or raises an incident to stakeholders for their preventive action. This is a technical role and requires hands-on knowledge of the latest adversary techniques and tactics, and of threat detection and response tools.
- Analyse findings from intelligence sources or through detection of cyber events and provide assessment to the management.
- Determine potential cyber threats and their impacts to the organisation.
- Identify potential cyber threats within the organisation (e.g. software, network and system).
- Perform cyber threat assessment.
- Propose mitigation to address cyber threats.
- At least 5 years of experience in the cyber security field.
- Knowledge of what constitutes a cyber-attack and the relationship to both threats and vulnerabilities.
- Knowledge of threat risk assessment.
- Knowledge of network access, identity, and access management used in the organisation.
- Knowledge of network protocols and traffic flows used in the organisation.
- Knowledge of applications being used in the organisation and the weaknesses that can affect them.
- Knowledge of emerging organisation technology that has potential for exploitation by adversaries.
- Knowledge of local specialized system requirements (e.g. critical infrastructure systems that may not conform to standards for safety, performance, and reliability).
- Skill in assessing the robustness of security systems and designs.
- Skill in using network analysis tools to identify vulnerabilities.
- Skill in determining risk/vulnerability impact to the organisation.
- Skill in using incident response tools.
- Ability to identify systemic cyber issues based on the analysis of tactics, techniques and procedures reported to be used by cyber threat actors.
- Ability to identify systemic cyber issues based on the analysis of events from security monitoring systems.