Foreign Fund Management
【Newly released in Feb 2023】
- Please contact Agnes YANG via WeChat: aviyayang
* Triage events, including malicious activity and incidents of concern
* Analyse identified malicious activity to determine the weaknesses exploited,
the exploitation methods used, and the effects on systems and information
* Receive and analyse network alerts from various sources within the
enterprise and determine possible causes of such alerts
* Assist in determining appropriate course of action in response to
identified and analysed anomalous network activity
* Analyse network traffic to identify anomalous activity and potential
threats to network resources
* Document and escalate incidents (including event history, status,
and potential impact for further action) that may cause ongoing or
immediate impact to the environment
* Provide timely detection, identification, and alerts of possible
attacks/intrusions, anomalous activities, and misuse activities, and
distinguish these incidents and events from benign activities
* Perform event correlation using information gathered from a variety of
sources within the enterprise to gain situational awareness and
determine the effectiveness of an observed attack
* Reporting, monitoring & support
* Identify potential conflicts with the implementation of any tools within the
CDO's area of responsibility (e.g., tool/signature testing and optimisation)
* Provide summary reports of security events and activity relevant to the
CDO. This includes external incidents, threat intelligence and analysis
* Perform trend analysis and reporting
* Monitor external data sources to stay current on threat conditions
and determine which security issues may have an impact on the
* Maintain security solutions to ensure they function properly.
* Out-of-hours on-call support on a rotation basis
* Security solution delivery
* Research security solutions on the market and perform gap analysis with
* Propose solutions to strengthen security capabilities.
* Design and deploy security solutions.
Experience And Qualifications Required
* At least 2 years of experience working in a Security Operations Centre, cyber
defence or Incident Response.
* Knowledge of or experience working with security solutions (SIEM, IPS, anti-malware, EDR, email security, DLP, etc.)
* Experience explaining the risk of security threats and creating mitigations.
* Experience with general IT infrastructure technologies and principles.
* Knowledge of current security threats and common exploits
* Experience using data science or advanced analytical tools to solve security
* Excellent problem-solving and critical-thinking skills
* Strong communication skills, both written and verbal.
* Self-motivated, flexible, with a 'can do' attitude.
* Ability to pick up business knowledge, new technology areas, and new
processes/methodologies, and to apply these in day-to-day work
to improve the Security organisation.
* Fluent in English
* Undergraduate degree in a relevant technology field.
* Security accreditations such as CEH, GCIA, GCIH, GCFA, GMON, GNFA, SSCP,
OSCP, CISSP, Security+ are desired.
* Security vendor certifications preferred