Envision Digital International Pte Ltd – Security Engineer (Cyber Command Center)

Company: Envision Digital International Pte Ltd (envision-digital.com)
Designation: Security Engineer (Cyber Command Center)
Date Listed: 20 Oct 2020
Job Type: Entry Level / Junior Executive, Full/Perm
Job Period: Immediate Start, Permanent
Profession: IT / Information Technology
Industry: Artificial Intelligence / Smart Automation
Location Name: Singapore, Work from Home
Allowance / Remuneration: $4,000 - 5,000 monthly

Company Profile

Founded in 2007 with a mission to solve the world’s greatest energy generation, management, and orchestration challenges, Envision has grown into a global leader in renewable energy, energy storage, and other low carbon energy solutions. With over 4,000 employees in 15 offices globally, Envision is at the forefront of building the world’s clean energy future.

Envision Digital specializes in AIoT and Machine Learning, developing cutting-edge software applications focused on optimizing solar, wind, and energy storage, and enabling the next generation of smart grid, smart cities, smart buildings, health and human safety, and environmental protection and stewardship.

Job Description

The Envision Digital Cyber Security organization is growing rapidly to help guide the company through its own global hyper growth phase. This growth is fueled by customer demand for our innovative cloud-based software and embedded product lines. We are looking for a Security Engineer to join our dynamic team, driving efforts within the Envision Digital Cyber Command Center (CCC) to monitor and protect the Platform and Edge ecosystem from cyber security threats facing the organization. You will build automation to address various events while conducting research and actively hunting for threats. You will also:

  • Create and tune security analytics models and alerts for automated response orchestration
  • Review security events to determine impact to the organization and its customers
  • Collaborate with internal stakeholders in addressing systemic security weaknesses
  • Develop and analyze trends of events and incidents to assist in minimizing security risk
  • Review asset, application, host, server, and security logs for anomalous behavior
  • Determine nature and scale of threats and provide recommended containment actions
  • Establish runbooks and participate in tabletop exercises (TTX)
  • Build automation to address lower level related events
  • Open and manage incident tickets and track multiple incidents to completion through the incident handling life cycle for Envision Digital
  • Open to working different shifts around the clock per established rotation

 

Required Qualifications:

  • Bachelor's Degree in Computer Engineering or in a STEM major (Science, Technology, Engineering, or Math)
  • Some level of internship and experience working in a Cyber Command Center (aka SOC), preferably within a Cloud Service Provider (CSP)
  • Some experience with working in a 24/7/365 SOC environment and understanding how it works
  • Ability to triage events and to learn and adapt quickly, with demonstrated analytical expertise, close attention to detail, excellent critical thinking, logic, and solution orientation
  • Demonstration of continuous learning as well as a strong comprehension of emerging threats
  • Familiar with Digital Forensics & Investigative Response (DFIR), cyber security, threat detection, penetration testing (red/blue) and vulnerability management
  • Understanding of frameworks such as the Cyber Kill Chain and MITRE ATT&CK
  • Working knowledge of TCP/IP communications and how common protocols and applications work at the network level, including DNS, HTTP, TLS, etc.
  • Experience with languages such as Ruby, Python, PowerShell, Bash, etc.
  • Working knowledge of cloud infrastructure such as AWS and Azure
  • Knowledge of traditional SIEMs and security analytics platforms such as Splunk, Sumo, ELK, etc.
  • Understanding of Network Security Monitoring practices: Security Onion, Snort, Bro, Sguil, Suricata, Snorby, or similar
  • Understanding of host-based detection and IR technologies such as McAfee EPO, OSSEC, Yara, MIR, CarbonBlack, Tanium, or similar
  • Experience with Python, Ruby, PowerShell or Bash to drive process automation
  • Well versed in Windows, Mac, Linux, and Unix operating systems

Preferred Qualifications:

  • Good understanding of APT, Cyber Crime and other associated cyber threat tactics
  • CISSP and OSCP certifications, as well as GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), or other GIAC certificates desired
  • Familiarity with host-centric tools or other forensic software and techniques
  • Familiarity with malware and reverse engineering
  • Experience with host-centric detection and response skills
  • Demonstrated experience with embedded device IR and Forensics a definite plus
  • Demonstrated experience with web technologies a definite plus

 

Travel: Occasional travel is required (COVID pending)

This position is already closed and no longer available.