Incident Response & Prevention Manager
The Cybersecurity and Data Privacy team operates within the office of the CISO, under the leadership of Chief Information Security Officer, Jason Lau, who brings over 23 years of cybersecurity expertise. This team encompasses various functions such as Blockchain Security, Operational Security, and Security Governance and Compliance. The team fosters a growth mindset and humility to support individual potential within the company.
The team upholds a Security and Data Privacy Compliance-first approach that is fundamental to the organization. With the team's efforts, the company became the first Crypto company worldwide to achieve ISO27001, ISO27701, ISO22301, and PCI:DSS 3.2.1 (Level 1) certifications. The certifications have been meticulously validated by international audit firm SGS and ranked as "Adaptive (Tier 4)" – the highest level possible under the US National Institute of Standards and Technology (NIST) Cybersecurity Framework, the latest NIST Privacy Framework, SOC2, and other regional certifications like the Data Protection Trust Mark.
As a part of the CIRIFT team, you will manage and respond to cybersecurity incidents through all phases of the cycle - from Preparation to Identification, Containment, Eradication, Recovery, and Lessons Learned in coordination with global incident responders.
In this role, you will utilize your expertise in cyber defense, digital forensics, log analysis, intrusion analysis, and related skills to address security incidents across endpoints, network, and cloud infrastructure. Your responsibilities will include implementing prevention, detection, response, and remediation activities using tools such as NGFW, EDR, IDS/IPS, DLP, among others. Additionally, you will leverage your communication and collaboration skills effectively in multicultural and global environments with diverse stakeholders.
Responsibilities
- Report to a Senior Manager to support all phases of the incident response lifecycle.
- Participate in various incident prevention projects aimed at enhancing the security posture.
Preparation
- Gain an understanding of different regulatory and compliance requirements.
- Engage in self-assessment exercises to ensure the efficiency of incident response processes.
- Develop incident response runbooks, playbooks, and SOPs aligning with regulatory standards.
- Evaluate the incident response readiness across different layers - people, process, technology.
Detection & Analysis
- Respond to cybersecurity incidents escalated from various channels, including the 24/7 SOC team.
- Address cybersecurity incidents while complying with local regulatory requirements.
- Assess the risk, impact, and scope of identified security threats.
- Conduct in-depth incident analysis using various data sources to investigate security-related logs against threats and IOCs.
Containment, Eradication, and Recovery
- Communicate with stakeholders to offer guidance on containing and eliminating security incidents.
- Contribute to root cause analysis using forensic tools to identify sources of compromise or malicious activities.
- Document and present investigative findings for significant events and other incidents.
Post-Incident Activities
- Conduct lessons learned meetings with stakeholders.
- Lead follow-up activities and document the incident in the case management system, providing incident reports promptly.
- Remain prepared to engage in security incidents as required.
Requirements
- 5+ years of experience in the Cybersecurity industry.
- Solid technical and analytical skills.
- Proficient in cybersecurity incident response processes.
- Hands-on experience in performing incident response activities.
- Ability to script in Bash, PowerShell, Python, Go, etc., to aid in incident response across various platforms.
- Familiarity with cybersecurity tools like NGFW, EDR, IDS/IPS, DLP, SIEM, and other log management platforms.
- Knowledge of frameworks such as MITRE ATT&CK and Cyber Kill Chain.
- Enthusiasm for exploring new technologies and enhancing team capabilities.
- Security-related certifications such as Azure, AWS, CISSP, GCIH, GCIA, GCFA, GNFA, GREM, or equivalent are advantageous.
- Understanding of regulatory and compliance requirements like GDPR, MAS, PSD2 is a plus.
- Fast learner with a proactive attitude and a willingness to be hands-on.
- Strong team player with a collaborative approach.
The company offers competitive salary packages, medical insurance benefits, attractive annual leave entitlements, work flexibility options, internal mobility programs, and more. Crypto.com is an equal opportunities employer committed to cultivating a diverse and inclusive work environment where opportunities are provided transparently to all candidates.
Personal data submitted by applicants will be used exclusively for recruitment purposes. Only shortlisted candidates will be contacted.
