Cyber Incident Response Specialist L3
Singapore, Central Singapore, Singapore
Sopra Steria
Sopra Steria, a European tech leader recognised for its consulting, digital services and software development, helps its clients drive their digital transformation to obtain tangible and sustainable benefits.
Company:
Sopra Steria is a listed European tech leader specialising in consulting, digital services and software. We have 60,000 employees worldwide, located in different regions (Europe, North America and Asia), with Singapore as the HQ for APAC. EvaGroup Asia Pacific is part of Sopra Steria I2S APAC, in charge of Infrastructure, Cloud and Cybersecurity services.
For this position, we are looking for a Cyber Team Lead to assist one of our clients, a leading global investment bank.
Background:
APAC Production Security teams are responsible for multiple IT security activities in the Asia Pacific region, such as:
1. IT Production Security Governance, PMO & Risks
2. Network Security and Security Design & Architecture
3. Vulnerability & Compliance Management
4. IAM Production
5. Production CSIRT, Detection & SIEM Engineering
6. Production support of the Security platforms
The team is looking for a cybersecurity expert/SME in the Detection Engineering and Security Investigation areas, as part of the Production SOC & Security Investigation & Incident Response team.
Responsibilities:
- Lead technical activities (security use case definition, design, implementation and enrichment) in the IT Production Security Investigation & Incident Response team, based on real-world attack scenarios and frameworks such as MITRE ATT&CK, ensuring a robust security detection posture across the various layers.
- Understand ongoing security threats in the wild and propose security use cases to detect them and, where possible, protect against or mitigate them.
- Lead technical activities (definition, R&D/threat hunting) in the IT Production Security Investigation & Incident Response team, and oversee the detection capabilities of the 24/7 regional IT Production SOC.
- Respond to cyber / IT security incidents and evaluate the type and severity of security events.
- Identify recurring security issues and risks, develop mitigation plans and recommend process improvements.
- Partner with global, regional and local stakeholders to ensure organisational and procedural efficiency, and readiness to detect and react to suspicious events.
- Continuously improve processes to strengthen the current SOC framework through review of policies and operational playbooks.
Contributing Responsibilities:
- Partner with the APAC Business CSIRT for integrated security monitoring and alert/incident handling operations.
- Contribute to local security incident response outside the direct scope of responsibilities (i.e., local IT production in some APAC business entities).
- Contribute to compliance with regulatory requirements and internal policies.
- Contribute to the reporting of all incidents according to the Incident Management System.
- Contribute to the control frameworks in day-to-day business activities, such as the Control Plan.
- Participate in audit interviews and provide the required evidence.
Requirements:
- Candidate MUST have 7 or more years of experience in cybersecurity incident response overall, with 4+ years specifically in security use case design, development and coding.
- Experience in security use case design/development, with an understanding of the Java language.
- Good working knowledge of Linux (RedHat/Ubuntu).
- Working knowledge of how to translate security logs or instructions into threat models; a SecOps/DevOps mindset and skills.
- Experience and knowledge in investigating incidents, remediation, tracking and follow-up through to incident closure with the teams and stakeholders concerned.
- Thorough understanding of technologies and security concepts, with knowledge of and hands-on experience with SIEM products and security incident management.
- Experience performing security monitoring and incident response activities in an advanced Security Operations Centre (SOC) environment (log analysis, event analysis, incident investigation, reporting).
- Comfortable working with and making the most of large data sets (collection, analysis, response), creating content/use cases/models and bringing an automation mindset.
- Experience with SIEM on the ELK (Elasticsearch, Logstash, Kibana) stack is a plus.
- Professional credentials in one of the relevant IT security disciplines (SANS / CISSP / OSCP) are a plus.
- Experience in common scripting languages such as Python, PowerShell, Bash or SQL is a plus.
Personal Attributes Requirements:
- Strong problem-solving skills
- Good communication skills (English is a MUST; French is an added advantage)
- Positive attitude, willing to upskill and carry out in-depth troubleshooting
- Able to work autonomously, think on their feet and be proactive
- Good interpersonal skills and team player
- High energy level coupled with a desire to take on responsibility
- Able to multi-task & deliver within agreed deadlines
Benefits:
- Regular team-building events
- 18 leave days / year
- Insurance: GP, Hospitalisation, Dental and Optical Insurance
- Annual bonus
- Working hours: from 9am to 6pm, Monday to Friday
- Training and certification paths