Enterprise Threat Management and Security Architecture (ETMSA) Engineer

As a valuable member of the ETMSA team at [Company Name], you will play a crucial role in responding to and managing cybersecurity threats and incidents across the entire lifecycle. This includes activities from Preparation to Identification, Containment, Eradication, Recovery, and Lessons Learned. You will collaborate closely with a diverse global team of incident responders.

Your role will require the application of your diverse skills in cyber defense, digital forensics, log analysis, and intrusion analysis to address security incidents concerning endpoints, network, and cloud infrastructure. You will be responsible for various aspects such as prevention, detection, response, and remediation, utilizing technologies like Next-Generation Firewalls (NGFW), Endpoint Detection and Response (EDR), Intrusion Detection/Prevention Systems (IDS/IPS), and Data Loss Prevention (DLP).

Furthermore, your strong collaboration and communication abilities will be essential for effectively working with stakeholders in multicultural and global environments.

Responsibilities:

• Collaborate with the Director to oversee all phases of the incident response lifecycle.
• Engage in various incident prevention projects to enhance the overall Security posture.

Preparation:

• Gain a thorough understanding of different regulatory and compliance requirements.
• Participate in self-assessment exercises such as Tabletop Exercises and Attack Simulations to ensure a smooth incident response process.
• Develop incident response runbooks, playbooks, and SOPs aligning with various regulatory requirements.
• Evaluate the readiness of incident response across different layers - people, processes, and technology.

Detection & Analysis:

• Respond to cybersecurity incidents escalated from different channels, including the 24/7 SOC team.
• Address cybersecurity incidents as per local regulatory requirements.
• Assess the risks, impacts, and scope of identified security threats.
• Conduct in-depth incident analysis by investigating security-related logs against medium-term threats and IOCs.

Containment, Eradication, and Recovery:

• Communicate with stakeholders, provide guidance, and recommendations for containing and eradicating security incidents.
• Participate in root cause analysis using forensic tools to identify compromise sources or malicious activities.
• Document and present investigative findings for significant events and other incidents.

Post-incident Activities:

• Facilitate lessons learned meetings.
• Drive follow-up activities.
• Document incidents in the case management system and create incident reports.

Always be prepared to engage in security incidents promptly.

Requirements:

• Minimum of 5 years of experience in the Cyber Security industry.
• Strong technical and analytical skills.
• Familiarity with cyber security incident response processes.
• Proficiency in utilizing AI tools for automating security tasks.
• Hands-on experience in incident response activities.
• Proficiency in scripting languages like Bash, PowerShell, Python, etc., to aid incident response in various environments.
• Knowledge of cybersecurity tools like NGFW, EDR, IDS/IPS, SIEM, etc.
• Familiarity with frameworks such as MITRE ATT&CK and Cyber Kill Chain.
• Eagerness to explore new technologies and improve team capabilities.
• Security-related certifications are a bonus.
• Awareness of regulatory standards like GDPR, MAS, PSD2, etc.

Preferably:

• Fast learner with a can-do attitude.
• Effective team player with a compassionate approach.
• Willingness to learn and invest extra effort.
• Demonstrated sense of ownership and accountability with a focus on urgency and prioritization.
• Confident in managing incidents and engaging with stakeholders.
• Possesses business acumen when making important decisions.