Head of Cyber Defense (IR/ Security monitoring)

My reputable client is looking to hire a cyber securty defence to heads up their security operations team. If you are keen to know more, please get in touch!

About the responsibilities:

• Lead the cyber defense team and responsible for managing anomalies activity and cyber security incident detection
• Manage the anomalies activity detecting process in the environment
• Assess the monitoring needs and define the monitoring scope and approach
• Oversight and monitor on the activities performed by the Security Operation Center
• Monitor security events reported to ensure that all events are properly handled

Cyber incident response and management

• Manage security incident and develop response plan and playbooks for various attacks and security events
• Oversight and monitor security incidents to ensure that all incidents identified are managed according to the incident management procedure and response plans
• Ensure escalation and reporting process are in place and followed
• Perform analysis to assess incident impact and determine whether the involvement of external investigators or forensic analysis are required to support incident investigation
• Work with external investigators on forensic analysis during cyber and information security incidents
• Drive the bank’s regular incident response drills exercise in responding to cyber and information security incidents

Threat monitoring and analysis

• Monitor threat intelligence from various sources to discover emerging cyber threats affecting the bank and the customers
• Perform threat analysis and to identify potential security controls or remediation and other security improvement in response to the threats affecting the company
• Perform threat hunting, leveraging available indicators of compromise, to identify potential threats that are lurking undetected
• Threat intelligence sharing and to collaborate with 3rd parties and industry peers
• Manage the threat and vulnerability management program

About the requirements:

• At least 7 years of experience in information & cyber security from either the banking and finance industry or security consulting with primary focus on Cyber Defence, Incident Response or Intrusion Detection
• Solid understanding of cyber defence, incident response, threat modeling and common attack vectors, adversary tactics, techniques & procedure, MITRE ATT&CK framework
• Hands on experience in:
• using Splunk Enterprise Security
• analysing security log & network traffic
• identifying and investigating security incidents
• Prior experience in malware analysis, virus exploitation and mitigation techniques, and digital forensic desired
• Understanding of network, desktop and server technologies, network intrusion methods, network containment, segregation techniques, IDS and IPS
• Relevant certification in information security (e.g. CISSP, CISA or CISM, etc.)