Protecting RHB against advanced cyber threats through proactive detection engineering, continuous threat hunting, and rapid incident response. Design and implement detection logic, lead hunts for known and unknown threats, and respond to incidents to contain and eradicate malicious activity across on-premises and cloud environments. This role will be the technical SME for cyber security related matters.
Key Responsibilities
Solution Engineering
- Maintain security solutions including Splunk, Imperva, etc. (tasks include compliance with patch and obsolescence framework requirements, UAMR, etc.)
- Ensure events / logs from all relevant devices are sent to the SIEM solution in a complete and accurate manner
- Produce a monthly SIEM system health report (completeness and accuracy)
- Assist in the design, evaluation, and implementation of new security technologies
Proactive Threat Hunting
- Perform hypothesis-driven threat hunts using advanced analytics, behavioral patterns, and threat intelligence.
- Analyze various logs sources to identify anomalous activities, potential compromises, and previously undetected threats
- Develop and refine hunting methodologies and detection logic to improve visibility and coverage
- Identify gaps in IT infrastructure by mimicking an attacker's behaviors and responses
- Document and communicate hunting results, including risk impact and recommended mitigations.
Detection & Response
- Continuously develop, fine-tune and review SIEM use cases based on the MITRE ATT&CK framework and the current threat landscape
- Contribute to the continuous improvement of detection capabilities and automation processes.
- Correlate data from multiple sources (network logs, endpoint telemetry, cloud environments) to detect stealthy or novel attacks.
- Develop dashboards and reports to identify potential threats, suspicious/anomalous activity, internal threat landscape, etc.
Digital Forensic
- Lead response and investigation efforts into advanced/targeted attacks
- Lead in incident response activities such as digital forensic, host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts
- Compile detailed investigation and analysis reports for internal SOC consumption and delivery to management
- Provide expert analytic investigative support of large scale and complex security incidents
- Perform Root Cause Analysis of security incidents for further enhancement of alert catalog
Incident Response
- Lead or support security incident investigations from detection through containment, eradication and recovery
- Perform deep-dive and forensics analysis during ongoing or post-incident reviews.
- Develop post-incident reports and lessons learned to drive improvements in detection and response capabilities
Research and Continuous Improvement
- Stay up to date with emerging threats, attacker behaviors, and cybersecurity trends.
- Develop and maintain custom scripts and tools to automate hunting and analysis tasks (e.g., Python, PowerShell, or Bash).
- Knowledge sharing through internal training sessions and threat briefings
- Mentor junior analysts and engineers on threat analysis methodologies