Job title: Specialist - Cybersecurity
Job type: Permanent
Emp type: Full-time
Industry: Shared Services / Global Business Services (GBS)
Expertise: Information Technology & Telecommunications
Location: Pasig City
Job published: 2022-05-10
Job ID: 34922

Job Description

KEY RESPONSIBILITIES:
You will:

  • Monitor alerts across Security Stack and provide advanced detection and response service though security event analysis review
  • Perform live response data collection and analysis on threats
  • Perform incident response and basic malware analysis to investigate incidents
  • Help navigate staff from incident response triage into the incident response process if findings are substantiated
  • Work with the senior security engineers and analysts in fine tuning the security systems removing any false positive alarms.
  • Maintain current knowledge of tools and best practices in forensics and incident response and develop an understanding of advanced persistent threats, including tools, techniques, and procedures of attackers.
  • Conduct vulnerability assessment and implement remediation strategies to advance threat intelligence.
  • Conduct third party information security risk assessments
  • Perform phishing simulation exercises across and defining phishing templates.
  • Conduct regular security and risk assessments of applications, infrastructure and define security controls.
  • Lead security vulnerability management program recommending best practices/solutions to address vulnerabilities, secure hosts, applications, databases, and network technologies 
  • Collect and analyse threat intelligence reports covering new threats, vulnerabilities, and research.
  • Strengthen security operations monitoring by extracting data from threat intelligence and develop understanding of adversary TTPs.
  • Automate the tasking of IOCs and other threat intelligence data for tasking in existing cybersecurity databases
  • Implement new and uplift existing monitoring and alerting capability to proactively identify new and emerging threats within the corporate network.
  • Monitor the performance of security solutions to identify and bring to attention breaches and potential intrusion incidents.
  • Investigate security breaches within a defined area of responsibility to maintain the compliance with internal security standards.
  • Handle cyber security incidents in conjunction with the existing service providers from detection through to completion including maintaining incident response documentation, post-mortem root cause analysis, writing incident reports and providing lessons learnt and enhancements required.
  • Operating security monitoring and incident response toolsets with a focus on reviewing of corrective measures and continuous improvement.
  • Analyse security systems and seek improvements on a continuous basis.
  • Multi-Factor and user account review. Define policy and processes for user account control and review. Ensure adherence and review for future risks
  • Co-ordinate with Security vendors and upgrade or rebuild of security platforms as desired.
  • Be an enthusiastic advocate of Cybers Security and IT risk management by continuously educating employees on information security principles and their role in upholding those principles.
  • Contribute to the development and maintenance of documented security solution run-book procedures and techniques.

QUALIFICATIONS & REQUIREMENTS:

  • 7+ years’ experience working as security analyst or any other similar roles.
  • 2 + years’ experience as a Systems/Network administrator, or Network Security analyst required.
  • 2 + years year of advanced working knowledge of Windows and Linux operating systems required.
  • Experience with security tools such as firewall logs, intrusion detection systems, Security Incident and Event Management.
  • 1+ experience with automation tooling and frameworks such as Python, Powershell and Terraform required.
  • Experience in IT Infrastructure & application security, working in a large and complex environment.
  • Experience with incident interpretation received from Cyber Security Operations Centre (SOC) and defining tasks required to deliver resolution. 
  • Strong experience in developing and maintaining Vulnerability Management process and procedures – Qualys, CrowdStrike Falcon Spotlight, Tenable.
  • Experience with Vulnerability Assessment & Management including OS, Network, Web, Database & application vulnerability assessments.
  • Working knowledge of Active Directory, Azure AD, IDS/IPS, DNS, VPN, SIEM, LAN, WAN.
  • Experience with building automation solutions using Python and Power Shell.
  • A strong desire to learn new cyber security tools and get involved and take ownership in new projects
  • Good understanding of SIEM and other infrastructure level technologies -Windows, Linux, VMware, Azure, AWS and O365.
  • Experience with Web Security Gateways, Email Security Gateways, Web Application Firewalls
  • Experienced with Endpoint Detection, analysis, and Response control.
  • Good understanding of End point security tools like application whitelisting, HIPS, ATP etc.
  • Good experience with managing email gateways – O365 and Proofpoint.
  • Experience with O365 E5 security tools.
  • Good experience with managing AWS Security tools - AWS Security Hub, Amazon Guard Duty, AWS Shield.

Work Schedule: Day Shift / Flexible
Work Setup: WFH / Hybrid