- Permanent, Full time
- OCBC Bank
- 22 Nov 17
Cyber Defence Engineer & Analyst
Cyber Defence Engineer & AnalystCyber Defence Analyst analyses collected information to identify weakness and potential exploitation of cyber threats. With the information, the analyst is to recommend preventive measures or raise an incident to stakeholders for their preventive action. The successful candidate will:
- Analyse findings from intelligence sources or through detection of cyber events and provide assessment to the management.
- Determine potential cyber threats and their impacts to the organisation.
- Identify potential cyber threats within the organisation (e.g. software, network and system).
- Perform cyber threat assessment.
- Propose mitigation to address cyber threats
The ideal candidate would possess:
- At least 8 years of experience in cyber security field.
- Knowledge of what constitutes a cyber-attack and the relationship to both threats and vulnerabilities.
- Knowledge of threat risk assessment.
- Knowledge of network access, identity, and access management used in the organisation.
- Knowledge of network protocols and traffic flows used in the organisation.
- Knowledge of applications being used in the organisation and the weaknesses that can affect them.
- Knowledge of emerging organisation technology that has potential for exploitation by adversaries.
- Knowledge of local specialized system requirements (e.g. critical infrastructure systems that may not conform to standards for safety, performance, and reliability).
- Knowledge of data backup, types of backups (e.g. full, incremental), and recovery concepts and tools used in the organisation.
- Skill in assessing the robustness of security systems and designs.
- Skill in using network analysis tools to identify vulnerabilities.
- Skill in determining risk/vulnerability impact to the organisation.
- Skill in using incident response tools.
- Ability to identify systemic cyber issues based on the analysis of tactics, techniques and procedures reported to be used by cyber threat actors.
- Ability to identify systemic cyber issues based on the analysis of events from security monitoring systems.
- Excellent oral and written communication skills to communicate to all stake holders on the red teaming activities
- Certifications such as CISSP, CISA, CREST, OSCP, CEH, GWAPT, SANS GIAC will be an added advantage