SIRCC Analyst
Cyberjaya, MALAYSIA Infra / Networks / Telecom
Job description
Job scope/summary:
The Associate Professional Information Security – SIRCC Analyst position working in the Security Information Response Control Center is responsible for the receipt, logging and management of all reported Security Incidents.
Job specifics/responsibilities:
· Analyse and perform risk assessments on the potential impact to the business of security events/incidents.
· Coordinating the response to security incidents by the technical groups within the business, including communication with subject matter experts and between business units, directing technical resources, follow-up on tasks assigned by management to business units, and working with technical resources to complete actions if required.
· Ensuring that significant security incidents are reported clearly and concisely to management in a reasonable time frame.
· Initial monitoring and analysis of the output from security devices such as Intrusion Prevention Systems, malware alerts, firewall logs, proxy logs, system logs, and so on.
· Perform behavioural analysis of malware samples in a controlled environment, document the results, and provide the samples and documentation to a reverse engineering team.
· Compiling, reviewing, and submitting incident reports for final peer and management review, prior to release to the business.
· Research new vulnerabilities and security threats reported by external security entities, perform and document risk assessments as to the potential impact of said vulnerabilities and threats to the business. Communicate this information to management and other business units as appropriate.
· Contributing to existing process and procedure documentation, and assisting in creating new process and procedure documentation in response to dynamically changing threats, information security landscapes, and business requirements.
Education (degree) and professional experience required:
Bachelor’s Degree in information security or related discipline, or any of the following or similar related certifications:
· Cisco Certified Network Associate
· Certified Ethical Hacker
· Certified Penetration Tester
· Offensive Security’s Penetration Testing
· Open Source Security Testing
· GIAC Certified Incident Handler
· GIAC Security Essentials
Other requirements:
· Strong English writing skills with the ability to communicate clearly with correct spelling, grammar, sentence structure.
· Able to work rostered shift work and weekends as detailed on the SIRCC shift roster.
· The ability to think flexibly and “outside the box” and to communicate clearly while under pressure.
Personal skills and qualities:
Desirable Skills:
· Understanding of, and experience using, Unix-style operating systems, such as Linux, z/OS or BSD.
· Experience with multiple types of enterprise level anti-malware packages currently available.
· Experience with Operating System security, administration, and logging in an enterprise environment.
· Previous experience writing technical documentation and/or process documentation.
· Experience dealing with cybercrime and working in an environment that requires an investigative response when dealing with computer-based electronic evidence.
· Bachelor’s Honours project in Information Security.
Technical skills:
· The ability to learn or develop new processes quickly in response to changes in business requirements and the Information Security landscape.
· In-depth understanding of TCP, IP, and other lower-level network protocols, as well as common higher-level protocols such as HTTP, HTTPS, SMTP, POP3, FTP, and so on, and the ability to analyse captures of network traffic.
· Familiarity with network security devices, including firewalls, Intrusion Prevention Systems, Intrusion Detection Systems, and so on.
· Understanding of modern network operating systems, how they communicate, and familiarity with the Microsoft Windows line of Operating Systems.
· Strong understanding of the malware products available on the market, how anti-malware software works, and how it is used in an Enterprise environment.
· Basic knowledge of common types of Information Security threats, such as buffer overflows, cross-site scripting, SQL injection, phishing, and other techniques used to compromise security.
· The ability to perform analysis of log files from multiple different devices and environments and identify indicators of security threats.
· Familiarity with Information Security practices and procedures, including investigative processes, and requirements for security audits such as SOX, SAS70, or ISO27001.
· The ability to perform independent research and analysis of security threats and issues using various available resources, and to document and report on the results.
· Basic programming or scripting skills.