We are looking for a highly talented ICS professional to lead / join our ICS Security Operations team. The candidate must be comfortable with working on Information & Cyber Security (ICS) at both abstract and detailed levels. The candidate will be someone who has a good balance of ICS Incident Response, Security Monitoring, Threat Hunting and operations background. Fluency in ICS concepts and practice, and the ICS regulatory landscape is a must.
Responsibilities
- A self-starter, independent with minimal supervision, with strong hands-on experience in building security monitoring and incident response capabilities, including playbooks, processes, and tooling.
- Provide security monitoring and incident response expertise to businesses and collaborate with various parties in the Group and business units.
- Act as subject matter expert on activities relating to cyber related detection and incident response.
- Lead triage and investigation of intrusions and other cyber security breaches. Provide a coordinated response to complex cyber-attacks that threaten a company’s assets, intellectual property, and systems.
- Continuously develop, operate and improve security monitoring and incident response processes, tooling and solutions as required.
- Research and recommend solutions for incident response and support digital forensics, where required.
- Work with VAPT / Red team members to incorporate security vulnerabilities and/or attack use cases into the security monitoring and IR playbook.
Qualifications
- 3+ years of in-depth, hands-on working knowledge of security operations, incident response, and security monitoring activities in a global environment.
- Ability to join the dots from identification of incidents (including triage and correlation with past or concurrent incidents/alerts) through to post-incident recovery activities.
- Good understanding of the tactics, techniques, and procedures used across the cyber kill chain for reconnaissance, persistence, lateral movement, and exfiltration.
- Ability to develop and operationalize security monitoring capabilities, tooling and use cases for different tech stacks (e.g. APIs, applications), including cloud and container setups.
- Good hands-on experience in digital forensics and threat hunting is a plus.
- The threat and vulnerability landscape, including malware, emerging threats, attacks, and vulnerability management.
- Good understanding of technology (e.g. cloud and containers) and Agile development concepts.
- Networking topologies, telemetry, protocol usage, and enterprise hardware including switches, routers and firewalls, and their roles in security.
- Ability to explain theoretical concepts to team members with varying ICS backgrounds.
- Experience with Splunk or Sumo Logic tools.
- Programming and scripting languages, e.g. Perl, Python, PowerShell or shell scripting.
- Good understanding of industry trends and developments including impact on the business.
- Strong English communication skills, oral and written.
- A hustler who is highly adaptable and able to perform in a fast-paced dynamic environment.
- A team player who champions ownership and upholds a collaborative work environment.
- An inquisitive learner who has the appetite for continuously improving and streamlining processes and the way we work.