We have an exciting opportunity for a Cybersecurity Operations Analyst to join us in Hong Kong.
Daily Operations Monitoring events and alerts triggered in the SIEM platform according to the eventsources integrated, providing initial triage (classification and prioritisation) of events and alerts received in the Splunk platform. The Analysts will use the Demisto SOAR tooling to monitor alerts from the NDR and EDR platform and leverage playbooks to initiate triage actions, take auto collect forensic and malware actions, involve L2 Analysts The Analysts serve as 1st escalation point for client requests and enquiries via specific requests platform (Topdesk). They act as a front line to act on the security incidents detected by the tools or manually reported by client The Analysts also conduct analysis and work towards resolution of security incidents, participating in providing containment recommendation. They will collect the evidence with respect to the security incident to confirm the closure
of incident. Interact with client and other Capgemini teams or 3rd parties via specific
means defined (Topdesk, mail, telephone, etc.) and operations agreed to analysis and
work towards resolution of
SOC Incident response Support the SOC Manager on incident triage. Suggest improvements from their perspective on developing new ideas on how to improve the security operations, creates technical procedures, handling guidelines and playbooks. Where appropriate working with the global SOC responding and resolving events generated by the SIEM
Forensics and Malware Conduct automated Forensic collections of evidence at the point of incident. Use playbooks to automatically contain and collect Malicious files and package to ensure RCA can be conducted by the L2’s & L3’s.
Requirements: Desirable for them to be a Degree holder in Computer Science or related
disciplines, or appropriate experience. GIAC Cyber Security Cert or CISSP qualification is a big plus. At least 1-3 years experiences in a SOC environment. Proficient in utilising Splunk within a SOC and Incident Response environment. Experienced with Endpoint/Network Detection and Response, preferably
Crowdstrike and Vectra. An understanding and working experience of Security Orchestration and Response tooling, preferably Cortex XSOAR. Strong problem-solving skills and fast learner. Experience of Information Security Management System and IT Service management. Liaison skill & teamwork, passion & commitment mentality Good interpersonal and communication skills. Fluent in spoken and written English
Technical Requirements An understanding and knowledge of using Splunk in a SOC environment. A good knowledge of cyber security concepts including antivirus and malware protection, vulnerabilities, web and application security. Experience with enterprise security tools such as Enterprise Anti-virus, Vulnerability Management, EDR, SIEM, SOAR and other supporting tools. Well experienced in security incident triage. Experience in various ticketing tools.