Cyber Security Incident Response Analyst

DFI Company Brief
DFI Retail Group (the ‘Group’) is a leading pan-Asian retailer. At 31st December 2021, the Group and its associates and joint ventures operated over 10,200 outlets and employed some 230,000 people. The Group had total annual sales in 2021 exceeding US$27 billion.
DFI Retail Group is a leading pan-Asian retailer and operates across four broad formats: Food (including Supermarkets, Hypermarkets and Convenience stores), Health & Beauty, Home Furnishings, and Restaurants. The Group has operations in 12 markets and operates multiple formats in most markets to satisfy different customer segments and trades under well recognised brands. DFI digital is a new entity by DFI retail group to provide more advanced online shopping experience.

About the role:
We are expanding and looking for a Cyber Security Analyst to join our IT Security Team. This position is the Level 2 blue team within the Cyber Security Incident Response Team (CSIRT) for cyber security investigations and incident handling. Your background should include hands-on security incident response and exposure to security technologies including firewalls, IPS/IDS, EDR, DLP, Vulnerability management, logging, monitoring, detection, security incident response, exposure to digital forensics and Threat hunting. You should have a good understanding of network security, system administration and Production Support of Security platforms. To execute your expertise with excellent stakeholder management while problem solving will be a top priority for you.

Core Responsibilities:

• Responsible, interpreting, conducting analysis, enhancing, and making recommendations for resolution from security logs sources and alerts from the (SIEM, SOAR, IAM, CASB, EDR, SEG & other security tools) and other threat detection systems for threats activity from our managed services Security Operations Centre (SOC).
• Act as team leader and responsible for cyber security incidents arising (e.g. for end-point devices such as laptops, desktops, servers, firewalls, routers, O365, SEG, security devices, etc), including those escalated by Security Operations Centre (SOC). This involves following up with the respective end users and IT personnel to ensure incidents are effectively closed.
• Lead and Implement data loss prevention (DLP) measures (e.g. on end-point devices and email system), as well as monitor alerts and take necessary follow-up and remediation actions as required.
• Oversee tracking, follow-up and closures of issues/incidents to achieve 100% SLA completion.
• Cyber Threat Hunting and Incident Response
• Performs proactive threat hunting within on-premise and cloud environments to uncover indicators of threat activities.
• Performs digital forensic preservation, legal documentation and electronic discovery for incidents and investigations.
• Report incident statistics and provide analysis of incidents.
• Prepare regular cyber security status reports for submission to Leadership team.
• Plan and conduct annually Cyber Security drill.

Requirements

Education/Skill:

• Degree in Information technology or equivalent
• Minimum 5 to 7 years' experience in IT/Cyber Security Incident Response, Security monitoring, SOC functions, computer forensics, cybercrime investigations, Threat intelligence or Threat Hunting.
• Thorough understanding of security technologies and concepts, with knowledge and hands-on experience in SIEM and Soar products and security incident management
• Experience performing security monitoring and incident response activities in an advanced Security Operations Center (SOC) environment, including log analysis, event analysis, incident investigation, and reporting
• Ability to investigate incidents, remediate, track, and follow up for incident closure with concerned teams and stakeholders • Strong program and project management expertise, with the ability to take initiative, be proactive, and run decision-making processes autonomously
• Excellent communication and advocacy skills, both verbal and written, with the ability to express complex technical issues in an easily understood manner
• Analytical skills with the ability to interpret complex situations and develop appropriate solutions proactively
• Flexibility to adapt to a fast-paced, changing environment while maintaining a focus on rigor and accuracy in deliverables
• Knowledge in OWASP and common attack vectors in different platforms (Windows, Linux, Network, etc)
• Knowledge and experience in Qualys, PAM, Netscope, Minecast, SentinelOne, Asure Security Centre is preferred
• Experience and understanding of IT operations and processes
• Knowledge of Security Standards and Frameworks including MITRE & ATT&CK, ISO 27001:2013, NIST, PCI-DSS, Data Protection etc ., cyber security threats, tools and best practices

Experience in working with managing external vendor supporting SOC

Professional Certifications
Preferred Certifications: CISSP, CEH, GCIH, GIAC, SANS certifications or equivalent

Profile:

• Demonstrated project exposure from previous work experience
• Ability to co-ordinate many dependencies and multiple demands in a fast-paced, fast changing operating environment
• Ability to work Independent with less supervision
• Excellent oral, written communication and presentation skills

Benefits

• A vibrant and international team with multi-cultural and diverse backgrounds
• Solving challenges with inspiring colleagues in an all hands-on deck environment
• Management team that recognizes top performers, welcome our newbies, and shares a love for good food
• Competitive package, incentives, allowances, food perks, insurance, pension and more