Enterprise Threat Management and Security Architecture (ETMSA) Engineer

As a valued member of the ETMSA team at [Company], you will play a critical role in addressing and managing cybersecurity threats and incidents across their lifecycle - from Preparation through Identification, Containment, Eradication, Recovery, and Lessons Learned. This will involve collaborating with a diverse global team of incident responders.

Your role will require the application of your extensive expertise in cyber defense, digital forensics, log analysis, and intrusion analysis to handle security incidents affecting our endpoints, network, and cloud infrastructure. Your responsibilities will encompass prevention, detection, response, and remediation efforts, ensuring the protection of information assets and technologies by utilizing technologies like Next-Generation Firewalls (NGFW), Endpoint Detection and Response (EDR), Intrusion Detection/Prevention Systems (IDS/IPS), Data Loss Prevention (DLP), and more.

Furthermore, your proficiency in collaboration and communication will be essential in effectively working with stakeholders across multicultural and global environments.

Key Responsibilities

• Report directly to the Director, overseeing all phases in the incident response lifecycle
• Participate in various incident prevention projects to enhance security posture

Preparation:

• Understand diverse regulatory and compliance requirements such as critical reporting timelines and escalation procedures
• Engage in self-assessment exercises like Tabletop Exercises, Attack Simulations, Red/Purple Team exercises to ensure seamless incident response processes
• Develop incident response runbooks, playbooks, and SOPs aligning with different regulatory standards
• Evaluate the incident response preparedness of various layers - people, processes, technology

Detection & Analysis:

• Handle cybersecurity incidents escalated from multiple channels, including the 24/7 SOC team
• Act in compliance with local authority/regulatory mandates when responding to cybersecurity incidents
• Assess the risk, impact, and scope of identified security threats
• Conduct in-depth analysis of incident data sources by investigating security logs against medium-term threats and IOCs

Containment, Eradication, and Recovery:

• Communicate with stakeholders, providing guidance and recommendations to contain and eliminate security incidents
• Participate in root cause analysis leveraging forensic and specialized tools to identify compromise sources or malicious activities
• Document and present investigative findings for high-profile events and other incidents of interest

Post-Incident Actions:

• Conduct post-incident lessons learned meetings with stakeholders
• Lead and monitor follow-up activities
• Record the incident in the case management system and generate incident reports
• Remain prepared to act promptly in the face of security incidents

Requirements

• Minimum 5 years of experience within the Cyber Security industry
• Strong technical and analytical skills
• Proficiency in the cyber security incident response process
• Familiarity with AI tools for automating security tasks
• Hands-on experience in performing incident response activities
• Scripting experience in Bash, PowerShell, Python, Go, etc., to aid incident response across various platforms
• Knowledge of cybersecurity tools like NGFW, EDR, IDS/IPS, SIEM, etc.
• Familiarity with the MITRE ATT&CK Framework and Cyber Kill Chain
• Eagerness to explore new technologies and enhance team capabilities
• Preferable security-related certifications like Azure, AWS, CISSP, GCIH, GCIA, GCFA, GNFA, GREM, or equivalent
• Understanding of regulatory and compliance requirements such as GDPR, MAS, PSD2 is a bonus

Preferred Qualifications

• Quick learner with a proactive attitude
• Strong team player with compassionate collaboration skills
• Passionate about learning and willing to go the extra mile
• Understanding of ownership and accountability, alongside urgency and prioritization
• Ability to handle incidents confidently and engage with senior and technical stakeholders effectively
• Business acumen mindset for critical decision-making