We have an exciting opportunity for a Security Operations Analyst – L2 to join us in Hong Kong
- Triaging, investigating and managing ongoing cyber security incidents.
- Day-to-day management of the NDR, EDR and SOAR platforms.
- Support the creation of operational documents (use cases, playbooks/runbooks and training materials) on incident response, and ensure they are kept up to date.
- Support the creation of metrics and reporting, and the review of incident progress.
- Support Regional Security Operations in ensuring that the security posture of business units is properly measured, monitored and managed.
SOC Incident Response
- Support the SOC Manager on incident management and remediation.
- Manage incidents
- Report on incidents
- Assist in developing new ideas for improving security operations; create technical procedures, handling guidelines and playbooks.
- Where appropriate, work with the global SOC to respond to and resolve events generated by the SIEM.
Forensics and Malware
- Conduct forensic investigations to support root cause analysis and to establish evidence of malicious insiders and data breaches.
- Investigate malicious files and packages to establish root cause, and provide those findings to the relevant stakeholders to further secure our environment.
Security Projects & Deployments
- Support the implementation of the SOC, its security tooling and its resourcing.
- Support other projects at the discretion of the Senior Manager Cyber Security Operations.
Requirements
- Degree in Computer Science or a related discipline, or equivalent extensive experience.
- A GIAC cyber security certification or CISSP qualification is a strong plus.
- At least 3-5 years' experience in information security.
- Proficient in using Splunk within a SOC and incident response environment.
- Experience with Endpoint and Network Detection and Response tooling, preferably CrowdStrike and Vectra.
- A sound understanding and working experience of Security Orchestration, Automation and Response tooling, preferably Cortex XSOAR.
- Hands-on cyber security incident management within a SOC environment.
- Strong problem-solving skills and fast learner.
- Solid experience with Information Security Management Systems and IT Service
- Liaison skills and teamwork; passion and commitment.
- Good interpersonal and communication skills.
- Fluent in spoken and written English.
- Broad knowledge of cyber security concepts, including antivirus and malware protection, vulnerabilities, and web and application security.
- Solid experience supporting enterprise security tools such as enterprise antivirus, vulnerability management, EDR, SIEM, SOAR and other supporting tools.
- Extensive experience in security incident handling.
- Experience with various ticketing tools.