POSITION GENERAL SUMMARY

The scope of responsibilities includes all SIEM administration, management, configuration, testing, and integration tasks related to the system, focusing primar¬ily on content development to include reports, dashboards, real-time rules, filters, and active channels.

ESSENTIAL POSITION FUNCTIONS

•    Identify, categorize, prioritize, and investigate events rapidly utilizing triage and response guidelines for the enterprise using commonly available CSOC log sources
•    Monitor incoming event queues for potential security incidents using the SIEM tool per operational procedures. 

•    Monitor incoming event queues for potential security incidents using the SIEM tool per operational procedures. 
•    Perform initial investigation and triage of potential incidents, and escalate or close events as applicable
•    Monitor CSOC ticket (or email) queue for potential event reporting from outside entities and individual users. 
•    Produce, maintain and update CSOC Playbook.  
•    Document investigation results, ensuring relevant details are passed to tier 2 (Cybersecurity Response team) for final event analysis. 
•    Update or reference CSOC collaboration tool as necessary for changes to SOC process and procedure as well as ingest CSOC daily intelligence reports and previous shift logs. 
•    Conduct security research and intelligence gathering on emerging threats and exploits. 
•    Perform additional auxiliary responsibilities as outlined in the console monitoring procedure. 
•    To ensure that emergency response and crisis management plans and procedures are tested for viability, and to ensure that plan currency is maintained based upon lessons learned as well as business requirements 
•    To do follow-up remediation to tier 2 for final event analysis and produce the CSOC security event management monthly status report 
•    Work with internal business units and external stakeholder to drive secure configurations in images used for desktops, servers, network devices, and wireless network devices
•    Maintain the group email address and distribution lists, answer SOC main phone lines, and update all relevant documentation such as shift logs and tickets. 
•    Keep updated on knowledge and awareness on latest security trends.
•    To perform duties with due diligence and professional care in accordance with professional standards and best practises

•    To ensure understanding and involvement from all level of management and employees
•    To get top management commitment in compliance activities
•    To get all staff and management to adhere to policies, procedures and internal control

(E.g: Revenue/ Cost/ No of Surbodinate/ No of Project/ EBITDA)     
Number of staff        9
Number of compliance checking        3
Number of IT Security management        5
 

•    Experience in maintaining system (hardware and software)
•    Experience in network/firewall configuration.
•    Travelling, extra work (After office hour)
•    Have a throughout understanding of system functionality including
overall structures of TAMS subsystem
•    Minimum supervision with good interpersonal and communication skills
•    Knowledge in system, infrastructure and application architecture. 

UNIQUE REQUIREMENTS

• Experience in maintaining system (hardware and software)
• Experience in network/firewall configuration.
• Travelling, extra work (After office hour)
• Have a throughout understanding of system functionality including overall structures of TAMS subsystem
• Minimum supervision with good interpersonal and communication skills
• Knowledge in system, infrastructure and application architecture. 

External

• Degree with CGPA > 3.0 and minimum 3 year relevant experience.

External        

• Recognised Degree preferably with specialization in computer related discipline and working knowledge of SIEM technology. Industry certification such as CISSP, GPH, CPT, etc is a plus. 
• Experience with cyber security incident response protocols (e.g., identification, impact assessment, containment, remediation, evidence handling, technical reporting, etc.) and safeguarding information.