Cybersecurity Operations Analyst

We have an exciting opportunity for a Cybersecurity Operations Analyst to join us in Hong Kong.

Key Responsibilities


Daily Operations

  • Monitor events and alerts triggered in the SIEM platform according to the event sources integrated, providing initial triage (classification and prioritisation) of events and alerts received in the Splunk platform.
  • Use the Demisto SOAR tooling to monitor alerts from the NDR and EDR platforms and leverage playbooks to initiate triage actions, automatically collect forensic and malware evidence, and involve L2 Analysts.
  • Serve as the first escalation point for client requests and enquiries via the specific request platform (Topdesk), acting as the front line for security incidents detected by the tools or manually reported by the client.
  • Conduct analysis and work towards resolution of security incidents, participating in providing containment recommendations.
  • Collect the evidence relating to the security incident to confirm the closure of the incident. Interact with the client and other Capgemini teams or 3rd parties via the specific means defined (Topdesk, mail, telephone, etc.) and operations agreed to analysis and work towards resolution of


SOC Incident response

  • Support the SOC Manager on incident triage.
  • Suggest improvements from their perspective, developing new ideas on how to improve the security operations; create technical procedures, handling guidelines and playbooks.
  • Where appropriate, work with the global SOC on responding to and resolving events generated by the SIEM.


Forensics and Malware

  • Conduct automated forensic collection of evidence at the point of incident.
  • Use playbooks to automatically contain and collect malicious files and package them to ensure RCA can be conducted by the L2s and L3s.


Requirements:


  • Degree holder in Computer Science or related disciplines, or appropriate experience, is desirable.
  • GIAC Cyber Security certification or CISSP qualification is a big plus.
  • At least 1-3 years of experience in a SOC environment.
  • Proficient in utilising Splunk within a SOC and Incident Response environment.
  • Experienced with Endpoint/Network Detection and Response, preferably Crowdstrike and Vectra.
  • An understanding and working experience of Security Orchestration and Response tooling, preferably Cortex XSOAR.
  • Strong problem-solving skills and fast learner.
  • Experience of Information Security Management System and IT Service Management.
  • Liaison skills and teamwork, passion and commitment mentality.
  • Good interpersonal and communication skills.
  • Fluent in spoken and written English.

Technical Requirements

  • An understanding and knowledge of using Splunk in a SOC environment.
  • A good knowledge of cyber security concepts including antivirus and malware protection, vulnerabilities, web and application security.
  • Experience with enterprise security tools such as Enterprise Anti-virus, Vulnerability Management, EDR, SIEM, SOAR and other supporting tools.
  • Well experienced in security incident triage.
  • Experience in various ticketing tools.

Ref: 657803

Posted on: March 4, 2021

Experience level: Experienced Professional

Contract type: Permanent Full Time

Location: Hong Kong

Business units: Cloud Infrastructure Services

Department: Cyber Security