About the job Cyber Defence Lead

A licensed virtual bank in Hong Kong

Location

Hong Kong

Report to

Chief Information Security Officer

Job Summary

  • Improve cyber defence capability.
  • Improve security monitoring capability.
  • Improve security incident response capability.

Responsibilities

Anomalous activity and cyber incident detection

  • Manage the anomalous activity detection process.
  • Assess the monitoring needs and define the monitoring scope and approach.
  • Work closely with the Security Operation Center to ensure that the monitoring processes are effective.
  • Oversee and monitor the activities performed by the Security Operation Center.
  • Monitor reported security events to ensure that all events are properly handled.
  • Respond to security events escalated from the Security Operation Center and work with the relevant parties to investigate and respond when needed.
  • Develop relevant information security metrics to monitor the bank's information security posture and translate them into meaningful insights for senior management.

Cyber incident response and management

  • Manage security incidents and develop response plans and playbooks for various attacks and security events.
  • Oversee and monitor security incidents to ensure that all identified incidents are managed according to the incident management procedure and response plans.
  • Ensure escalation and reporting processes are in place and followed.
  • Perform analysis to assess incident impact and determine whether the involvement of external investigators or forensic analysis is required to support the incident investigation.
  • Work with external investigators on forensic analysis during cyber and information security incidents.
  • Drive the bank's regular incident response drills in responding to cyber and information security incidents.

Threat monitoring and analysis

  • Monitor threat intelligence from various sources to discover emerging cyber threats affecting the bank and its customers.
  • Perform threat analysis to identify potential security controls, remediation and other security improvements in response to the threats.
  • Perform threat hunting, leveraging available indicators of compromise, to identify potential threats that are lurking undetected.
  • Share threat intelligence and collaborate with third parties and industry peers.
  • Manage the threat and vulnerability management program.

Requirements

  • At least 7 years of experience in information and cyber security from either the banking and finance industry or security consulting, with a primary focus on incident response or intrusion detection.
  • Solid understanding of incident response, threat modeling and common attack vectors, adversary tactics, techniques and procedures, and the MITRE ATT&CK framework.
  • Hands-on experience in using Splunk Enterprise Security, analyzing security logs and network traffic, and identifying and investigating security incidents.
  • Prior experience in malware analysis, virus exploitation and mitigation techniques, and digital forensics.
  • Understanding of network, desktop and server technologies, network intrusion methods, network containment, segregation techniques, IDS and IPS.
  • Degree holder majoring in Computer Science or a related field.
  • Relevant certification in information security (e.g., CISSP, CISA or CISM).