Security Analyst III, Global Security Operation Center (SOC)

Why choose Logicalis?          

As Architects of Change, Logicalis' focus is to design, support and execute clients' digital transformation by uniting their vision with their technology expertise and industry insights. The company, through its deep understanding of key IT industry drivers such as security, cloud, data management and IoT, can address customer priorities such as revenue growth and business, operational efficiency, innovation, risk and compliance, data governance and sustainability. 

We strengthen our purpose: to design, support, and execute our customers' digital transformation by converging their vision with our technological expertise and knowledge of the industry. The brand refresh underpins both the evolution of Logicalis’ positioning as well as our strategic vision for growth. 

About the role

The role is part of our Global SOC team, tasked to deliver Managed Security Services (MSS) and help customers achieve their business goals & objectives by re-imagining cybersecurity as one of its business enablers. The role reports to SOC vertical based in Singapore.

It is a great opportunity to put your past experiences in building a world class SOC and address cybersecurity challenges of our global customers. We are looking for highly experienced cybersecurity analysts, who can proactively hunt for suspicious activities to help prevent breaches. It provides exposure to a variety of security technologies and provides an opportunity for the candidate to pioneer in developing SOC and build new MSS offerings.

Job Responsibilities:

• Actively research and stay updated with latest and new cyberattacks, TTPs, threat attackers, vulnerabilities and based on it perform proactive threat hunting in customer environments.
• Understand customer environments to develop use cases based on industry, targeted attacks, vulnerabilities, attack vector, threat landscape, TTPs etc., for the scope of monitoring.
• Develop identification and documentation of Indicators of Compromise (IOCs).
• Perform malware reverse engineering on the detected malware file to investigate and identify its potential entry points.
• Perform forensic analysis and investigations leveraging SOC solutions and provide evidence in case of breaches.
• Handle security incidents tickets escalated by Level II team, and draft security incident report covering the root cause, forensic evidence, and recommended mitigation plans.
• Escalate complex incidents to higher-level teams, ensuring proper documentation and reporting.
• Perform SIEM/EDR rule fine-tuning to minimize false positive alerts and enhance detection accuracy for MSS SOC.
• Review 3rd party threat intel feeds and integrate them into MSS platforms to provide value to our customers.
• Identify gaps in existing SOC process and work with team members or other departments to create, modify standard operating procedures, to automate any mundane daily operational activities, ensuring Ops are run efficiently.
• Provide guidance and mentoring to junior SOC analysts, supporting their growth and knowledge development. Enable regional security analysts to deliver seamless support locally by developing SOC playbooks, relevant and sufficient Knowledge base.
• Lead regional security analysts in handling incidents, customer escalations and requests, SLA (Service Level Agreement) requirements.
• Stay updated on the latest security trends, vulnerabilities, and attack techniques to improve incident response capabilities

Requirements

• Strong understanding of MITRE ATT&CK framework, and ability to operationalize it for day-day SecOps activities, to develop tactics, techniques, procedures (TTPs) for security analysis and threat hunting.
• Candidate should have at least 8-10 years of working experience in SOC and MSS environments,
• Bachelor's degree in computer engineering, Computer Science, Cyber Security, Information Security, or other equivalents.
• Excellent hands-on experience in implementations, incident analysis of IBM QRadar, Azure Sentinel SIEM (Security Information and Event Management) & Devo technologies.
• Hands on experience on any Endpoint Protection (EPP) or Endpoint Detection Response (EDR) technologies. Preferred if CrowdStrike, Microsoft Defender.
• Hands on experience on SOAR (Security Orchestration, Automation, and Response) technologies.
• Proven experience in malware analysis for Windows and Linux/Mac.
• Exposure to firewall technologies such as Cisco, Palo Alto, Checkpoint, Fortinet. • Good understanding of WIN, LINUX environments and well versed with basic LINUX commands and troubleshooting, with proven Unix (Solaris, Linux, BSD (Bumi Serpong Damai)) experience.
• Good knowledge of any shell scripting language and applying it to automate mundane operations tasks
• Strong knowledge of current cyber threats, attack vectors, vulnerabilities, and threat intelligence feeds.
• Ability to work effectively in a team environment, collaborate cross-functionally, and mentor junior analysts
• Candidate should have at least one SANS certification. Preferred if that is GCIH
• Good understanding of basic network concepts and advantages of exposure to cloud technologies.
• Lateral thinking combined with excellent troubleshooting skills, preferably with experience following ITIL (Information Technology Infrastructure Library) standards
• Lead team of security analysts, develop SOC standard operating procedures and develop Threat Intel feeds such as MISP.
• Ability to communicate verbally in Mandarin, Cantonese, Bahasa Melayu andBahasa Indonesia