
SOC Engineer

Date: 23-Sep-2021

Location: Singapore, Singapore

Company: Singtel Group

Service Delivery Manager
 
§  Meeting all Service Levels and contractual commitments for the respective Services. 
§  Providing support to IHiS and Authorised Users. 
§  Providing all Service Level reporting.
§  Implementing and meeting the requirements of IHiS’ business continuity plans.
 
SOC Manager
 
Overseeing and coordinating the activities of the ASOC personnel supporting the monitoring and incident response;
Collaborating with IHiS to ensure that effective monitoring is implemented for all environments;
Ensuring that processes and procedures are followed;
Leading the execution of response procedures to confirm, track and resolve cyber security incidents;
Advising IHiS on initial incident activities and subsequent incident activities;
Ensuring that IHiS’ senior management is informed of key situations that require escalation;
Providing weekly and monthly updates.
Experience in automation of the ASOC
Working on projects beyond 5M per year
 
 
The ASOC Manager shall have the following qualifications:
 
(a) At least FIVE (5) years of experience working in a Security Operation Center of similar size with the portfolio as a Security Operation Center Manager;
(b) Relevant training on the proposed products, and has obtained professional certification such as GIAC Continuous Monitoring Certification (GMON), GIAC Information Assurance Certified Intrusion Analyst (GCIA), GIAC Information Assurance Certified Incident Handler (GCIH) or Certified Information Systems Security Professional (CISSP), or equivalent;
(c) The necessary soft skills. The ASOC Manager shall be continually assessed on his/her interpersonal skills and strong communication skills.
 
 
Security Analyst (Threat Monitoring Analyst)
Providing continuous technical monitoring (such as intrusion identification, event correlation and threat containment), detection, correlation, analysis and support involving the handling of cyber events such as identifying user security issues;
Performing initial analysis (e.g. analysing and reviewing alerts, eliminating false positives and determining the severity of threats) to determine the impact of a compromise;
Determining the nature, mechanisms and scope of an incident by performing event correlation and historical searches to determine the extent of a security compromise;
Performing event correlation across the In-Scope Institutions to identify similar attack patterns and the spread of an attack;
Handling case management, generating tickets and reports when required, and tracking open tickets until closure;
Generating incident or investigative reports.
 
The Security Analyst shall have the following qualifications:
 
(a) At least TWO (2) years of experience working in a Security Operation Center with security monitoring and escalation of threats responsibilities;
(b) Relevant training on the proposed products, and has obtained professional certification such as GIAC Information Assurance Certified Intrusion Analyst (GCIA), GIAC Information Assurance Certified Incident Handler (GCIH), or equivalent.
 
Incident Responder
§  Being on 24/7 standby to execute the incident response process according to the incident response standard operating procedure, and working closely with the IHiS Threat Hunting team to effectively scope and contain incidents;
§  Conducting research and continuously improving investigative methodologies and techniques, including hard disk drive, network, and memory forensics and investigating systems for malware and reverse engineering malware;
§  Conducting and documenting research on IHiS and the In-Scope Institution to better understand the environment, as well as researching and documenting critical services and systems. Incident response toolkits shall be regularly tested on identified critical services and systems;
§  Regularly conducting meetings with IHiS to improve the incident response plan and associated documentation; running table-top dry runs to drill all parties in responding effectively; presenting the latest threats, attacks and gaps in the In-Scope Institution's environment; and working out how to improve the incident response procedures to match industry standards;
§  Creating and maintaining procedures for utilising the EDR and NDR tools;
§  Taking part in regular red/blue team exercises.
 
The Incident Responder shall have the following qualifications:
 
(a) At least TWO (2) years of experience in hard disk drive, memory and network traffic acquisition and analysis;
(b) Relevant training on the proposed products, and has obtained professional certification such as GIAC Information Assurance Certified Incident Handler (GCIH) or equivalent;
(c) The necessary soft skills. The Incident Responder shall be continually assessed on his/her interpersonal skills and strong communication skills.
 
Threat & Intel Analyst (Incident Investigation Analyst)
 
§  Performing detailed system analysis and correlation to identify pattern of intrusion;
§  Creating and maintaining procedures for utilising the EDR and NDR tools.
 
The Threat & Intel Analyst shall have the following qualifications:
 
(a) At least FOUR (4) years of experience working in a Security Operation Center with security monitoring and escalation of threats responsibilities;
(b) Relevant training on the proposed products, and has obtained professional certification such as GIAC Information Assurance Certified Intrusion Analyst (GCIA), GIAC Information Assurance Certified Incident Handler (GCIH), or equivalent;
(c) The necessary soft skills. The Incident Investigation Analyst shall be continually assessed on his/her interpersonal skills and strong communication skills.
 
SOC Engineering
 
§  Designing the SIEM implementation and the placement of loggers;
§  Configuring, patching and troubleshooting the automation/orchestration engine to ensure its performance and availability;
§  Liaising with and advising external or internal parties on any problems surfaced with regard to the Automation & Orchestration infrastructure;
§  Developing playbooks to automate new use cases for event detection, incident ticket creation, and incident response for the new threat landscape and new containment parameters identified by the Tier 3 Security Threat Analyst;
§  Ensuring the operational availability and efficiency of the SIEM systems;
§  Developing use cases to reduce false positives, for the new threat landscape, for new log sources, etc.;
§  Configuring, patching and troubleshooting the EDR solution to ensure its performance and availability;
§  Liaising with and advising external or internal parties on any problems surfaced with regard to the EDR infrastructure;
§  Configuring, troubleshooting and ensuring the security status of ASOC infrastructure devices, and of the security devices managed for IHiS and the Institutions;
§  Identifying and defining system security requirements;
§  Implementing and monitoring security measures for the protection of computer systems, networks and information;
§  Liaising with and advising external or internal parties on any problems surfaced with regard to the security infrastructure or customer devices;
§  Managing and handling IHiS's change requests on managed devices;
§  Resolving problems within the SLA time frame.
 
The SOC Engineer qualifications are not specified in the tender, but we are looking for:
·        At least 2 years' experience in Linux or Windows, or 2 years' experience in maintaining network equipment.
·        Experience in Carbon Black, Anomali or IBM QRadar is a plus.