AVP, SOC

  • Competitive
  • Singapore
  • Permanent, Full time
  • United Overseas Bank
  • 18 Dec 17

The Security Operation Center (SOC) is seeking a Singapore-based L2 SOC analyst. The successful candidate will have experience in incident triage, security threat monitoring and security compliance monitoring, and will be familiar with SOC processes and environments. The analyst will work as the shift lead in a 24x7x365 shift environment and will respond to security incidents in an SLA-driven SOC.

Your key responsibilities are:
• Responsible for performing daily operational real-time monitoring and analysis of security events from multiple sources including but not limited to events from Security Information Monitoring tools, network and host based intrusion detection systems, network infrastructure logs, system logs (Unix & Windows), mainframes, midrange, applications and databases.
• Perform incident initial identification, classification and prioritization
• Escalate in a timely manner and work closely with stakeholders to ensure rapid response to all reported incidents
• Provide support and assistance during the investigation of security incidents
• Proactively monitor the cyber threat landscape by researching and studying the latest security threats and vulnerabilities
• Participate in the periodic review and establishment of stringent service level requirements
• Generate security reporting and metrics as required
• Perform daily health checks on system status
• Perform as shift lead, shift scheduling and conduct daily shift handover
• Stay current on the latest threats and vulnerabilities to ensure operational tools and processes are up to date
• Provide first line response to security incidents (malware infections, unauthorized access, malicious emails, Distributed Denial of Service (DDoS) attacks, etc.)
• Review the analysis and work of the L1 analyst and provide guidance to the L1 analyst team
• Provide L2 analysis of security alerts and incidents
• Participate in GSOC workflow and process improvements and re-engineering
• Enhance and assist in the tuning of the SIEM and NIDS rules to identify security incidents and reduce false positives.
• Review threat intelligence and investigate indicators of compromise (IOCs).
• Assist in evaluating security events and issues, acting as the escalation point of contact when required.

Requirements:
• ITC/Diploma/Degree in Computer Science / IT Security from a recognized education institution
• Professional security related qualification (e.g. SANS GCIA, GSEC, GCIH) will be favorable although not mandatory
• 4 years of relevant experience in a similar capacity
• Strong understanding of basic computer science: algorithms, data structures, databases, operating systems, networks, and programming
• Strong understanding of IT operations: help desk, end-point, server management, and networks
• Strong ability to communicate at all levels
• Good understanding of Cyber security: Cyber kill chain, TTP, threat intelligence, malware triage
• Good understanding of information security concepts: defense in depth, BYOD management, data loss protection, risk assessment and security metrics
• Good knowledge of Internet infrastructure, networking technology and network security (e.g. DNS, DHCP, Firewall, WAF, IDS, IPS, VPN, APT and TCP/IP protocols)
• Malware triage and analysis capability will be an advantage
• Working experience with ArcSight or any major SIEM will be an advantage
• Strong technical knowledge of, and log analysis skills for, operating systems, databases, and security and network devices and applications
• Process and procedure adherence
• Strong analytical and problem solving skills
• Willingness to work in a rotational 24/7 SOC environment