- Permanent, Full time
- OCBC Bank
- 18 Mar 18
Cyber Defence Analyst (Cyber Threat Intelligence)
The Cyber Defence Analyst (Cyber Threat Intelligence) identifies, collects, analyses and disseminates cyber threat information for OCBC Group. Based on that information, the analyst recommends preventive measures or raises an incident to stakeholders for their preventive action.
- Perform cyber threat analysis, alerting, and reporting based on intelligence and information gathered from both internal and external sources
- Conduct research using multiple data sources, perform analysis and disseminate findings on key cyber threats to develop a comprehensive picture of the cyber threat landscape
- Provide understanding of Advanced Persistent Threat (APT) actors, their motivations, skillsets, toolsets and intent
- Be part of a team that performs deep inspection of both current and historical environmental indicators for signs of persistent attacker presence
- Hunt down and respond to targeted threats and intrusions
- Leverage Security Analytics to conduct research and analysis
- Find/develop new threat intelligence and detections, and suggest hardening strategies; drive the changes needed to respond to emerging threats
- Collaborate with leadership to improve investigation capabilities for responding to security events through tool building and training
- Identify incidents of significance through fusion of current and historical threat data; determine impact, urgency and the audience to whom prevention, detection, mitigation and remediation guidance is directed
- Prepare written reports and give presentations to internal and external stakeholders
- Apply expertise to ascertain the impact of an intrusion, identify threat trends, and develop mitigation techniques and countermeasures that can prevent future attacks
3-5 years of related experience in the following areas:
- Maintaining knowledge of the threat landscape by monitoring OSINT and related sources
- Providing updates on the cyber threat landscape, including cyber espionage, e-crime and hacktivism
- Collecting, assessing and cataloguing threat indicators, and adding context to those indicators to convey urgency, severity and credibility
- Tracking cyber threat actors, their infrastructure, and their targeted-attack tactics, techniques and procedures (TTPs)
- Cultivating and assessing new sources of threat information and intelligence
- Dynamic analysis of malicious code, either manually or in a malware sandbox; experience with, or knowledge of, hunting for and detecting malware with YARA and OpenIOC signatures
- Analysing and triaging malware using static and dynamic techniques, including investigation of botnet and rootkit behaviour
- Analysing DNS, network, honeypot, IDS/IPS and other logs, and working with common industry hunting tools and feeds
- Scripting (Python, Perl, PowerShell, Bash, SQL, etc.)
- Knowledge of network protocols and operating system structures and hierarchy; performing network traffic analysis and event log correlation to identify malicious activity
- Windows and Linux operating system knowledge
- Exposure to security analytics and network and endpoint threat detection products
- Network-based and system-level attacks and mitigation methods
- Disk, network and memory investigation tools, log analysis, and developing custom scripts/functionality
- IT and InfoSec background, including cryptography and network/systems security
- 2+ years of information security incident response experience is preferred