FAQs
What are the main responsibilities of the Threat Detection, Response, and Intelligence Lead?
The main responsibilities include incident detection, incident analysis, incident mitigation, response planning, coordination with various teams, documentation of incident response activities, threat intelligence monitoring, conducting digital forensics, and continuous improvement of incident response processes.
What qualifications are required for this position?
Candidates must have one of the following certifications: CEH (Certified Ethical Hacker), GIAC Certified Incident Handler, CISSP (Certified Information Systems Security Professional), or CompTIA Security+. Additionally, 4-6 years of experience in Security Operations and Incident Response is required.
What specific skills are required for this role?
Required skills include proficiency in identifying threats in networks, endpoints, APIs, and user behavior; knowledge of cyber-attack techniques; operating system experience (Windows, Linux); cloud environment knowledge (AWS, Alibaba Cloud); report preparation skills; and experience with scripting languages like Python, Bash, or PowerShell.
Is experience with Splunk necessary?
Yes, candidates must have experience in Splunk Admin tasks such as data parsing and indexing.
Will I need to work outside of regular business hours?
Yes, candidates should be able to work outside of regular business hours to promptly respond to incidents.
What tools and technologies should I be familiar with?
Familiarity with intrusion detection systems, SIEM solutions, Google products, Infrastructure as Code tools like Terraform, and Cloud Native applications (Kubernetes, Docker) is advantageous.
How important is teamwork for this position?
Teamwork is crucial, as the role involves close coordination with IT, security, legal, and compliance teams to ensure an organized incident response effort.
What benefits does GCash offer for this role?
GCash offers opportunities for career growth, a highly competitive and flexible compensation and benefits package, and a collaborative work environment with a dynamic team.
Do I need to have experience in compliance frameworks like ISO27001 and PCI-DSS?
Yes, candidates must have handled either or both ISO27001 and PCI-DSS certifications as part of their information security experience.
What is the job ID for this position?
The job ID for this position is R0000014273.