Threat Analytic Team Lead
- Permanent, Full time
- Morgan McKinley Singapore
- 15 Oct 18
- This role supports 24/7 coverage.
- Assess IT and security-based computer and network logs to identify specific patterns of activity or to generate statistical summaries.
- Produce analysis and actionable reports on new and potentially identified threats to support accurate mitigation and further detection.
- Monitor external, internal and open source feeds for relevant cyber threats, incidents and/or cyber activity.
- Conduct analysis on files/binaries, packet captures, and supporting materials to extract relevant artefacts, observables, and IOCs.
- Proactively look for cyber threats via open feeds, internal feeds, VirusTotal, Hybrid-Analysis, or similar sources.
- Develop and maintain behavioural- and signature-based, threat-driven use-cases.
- Assess events based on the factual information immediately present, available external context and analysis, and wider knowledge of and experience with IT systems.
- Develop a threat hunting programme and have it deployed globally.
- Evaluate the threat landscape and develop short- and long-term security requirements.
- Participate in the testing and integration of new security monitoring tools.
- Any of the following certifications is highly advantageous: Security+, CASP, CISM, CEH, GIAC, CISSP, GCIH, GCFE, GCFA, GREM, GNFA.
- Identify new opportunities for strategic direction and innovation based on existing and emergent cyber threat concepts.
- Experience working in a Security Operations Centre (SOC) or Computer Emergency Response Team (CERT/CIRT).
- Experience working in an information or cyber security operations related field in an enterprise environment.
- Experience in managing/working with Network Intrusion Detection/Prevention System (NIDS and NIPS) technologies.
- Ability to review threat intelligence reports on TTPs, correlate them with existing data sources/points, and deliver use-cases to detect such threats.
- Knowledge of working with Splunk is a must.
- Experience developing customised security log analysis and detection capabilities using programming and development expertise, including Java, Python, shell scripting and regular expressions.
- Fluent in the use and monitoring of all major operating system platforms (e.g., Windows, Linux/Unix, Mac).
- Specific knowledge of network analysis tools (e.g. Wireshark), Tanium, Splunk, FireEye, FireSight, Proofpoint, Tenable, Security Center and Splunk Stream.
- Operational understanding of TCP/IP and computer networking. Knowledge of the functions of security technologies such as IPS/IDS, firewalls, Security Information and Event Management (SIEM) tools, etc.