Threat Detection, Response, and Intelligence Lead

GCash

  • Job
    Full-time
    Mid & Senior Level
  • Software Engineering
    IT & Cybersecurity
  • Manila

AI generated summary

  • You need 4-6 years in Security Operations, certifications (CEH, CISSP, etc.), Splunk Admin skills, threat detection expertise, cloud knowledge, scripting experience, and strong analytical abilities.
  • You will monitor and analyze security incidents, implement mitigation strategies, coordinate with teams, document activities, leverage threat intelligence, conduct forensics, and improve response processes.

Requirements

  • Must have at least one of the following certifications:
      • CEH: Certified Ethical Hacker
      • GIAC Certified Incident Handler (GCIH)
      • CISSP: Certified Information Systems Security Professional
      • CompTIA Security+
  • 4-6 years of experience in Security Operations and Incident Response
  • Experience as a Splunk Admin, including data parsing and indexing
  • Strong background in Information Security; must have handled either or both ISO27001 and PCI-DSS certifications
  • Proficient in identifying threats in networks, endpoints, APIs and user behavior
  • Knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management, etc.
  • Knowledge of various operating system flavors, including but not limited to Windows and Linux
  • Knowledge of cloud environments (AWS, Alibaba Cloud)
  • Knowledge of applications, databases and middleware, and of the security threats against them
  • Proficient in preparing reports, dashboards and documentation
  • Good analytical, problem-solving and interpersonal skills
  • Working knowledge of and experience with Google products, with proficiency in Google Sheets
  • Some tasks may involve high-pressure situations and the need for quick decision-making
  • Experience using a scripting language such as Python, Bash or PowerShell
  • Knowledge of Infrastructure as Code tools such as Terraform
  • Experience with cloud-native applications (Kubernetes, Docker) is an advantage

Responsibilities

  • Incident Detection: Monitor network and system logs, security tools, and alerts to identify potential security incidents. Utilize intrusion detection systems, SIEM solutions, and other technologies to detect and report anomalies.
  • Incident Analysis: Investigate and analyze security incidents to determine the scope, impact, and root cause. Identify the nature of the threat, the methods used, and potential vulnerabilities exploited.
  • Incident Mitigation: Develop and implement strategies to contain and mitigate security incidents. This may involve isolating affected systems, patching vulnerabilities, and applying appropriate security controls.
  • Response Planning: Create and maintain incident response plans and playbooks to ensure an organized and effective response to different types of incidents. Collaborate with relevant teams to establish incident response procedures.
  • Coordination: Work closely with IT, security, legal, and compliance teams to coordinate incident response efforts. Ensure clear communication and collaboration during incident handling.
  • Documentation: Maintain detailed records of incident response activities, including evidence, actions taken, and lessons learned. Prepare incident reports for management and stakeholders.
  • Threat Intelligence: Stay current with the latest cybersecurity threats, vulnerabilities, and attack techniques. Leverage threat intelligence sources to enhance incident detection and response capabilities.
  • Forensics: Conduct digital forensics and malware analysis to understand the nature of incidents and gather evidence for potential legal actions.
  • Continuous Improvement: Review incident response processes and procedures regularly, identifying areas for improvement, and recommending updates to enhance the organization's security posture.
  • Working Schedules: Able to work outside of regular business hours to respond to incidents promptly.

FAQs

What are the main responsibilities of the Threat Detection, Response, and Intelligence Lead?

The main responsibilities include incident detection, incident analysis, incident mitigation, response planning, coordination with various teams, documentation of incident response activities, threat intelligence monitoring, conducting digital forensics, and continuous improvement of incident response processes.

What qualifications are required for this position?

Candidates must have one of the following certifications: CEH (Certified Ethical Hacker), GIAC Certified Incident Handler, CISSP (Certified Information Systems Security Professional), or CompTIA Security+. Additionally, 4-6 years of experience in Security Operations and Incident Response is required.

What specific skills are required for this role?

Required skills include proficiency in identifying threats in networks, endpoints, APIs, and user behavior; knowledge of cyber-attack techniques; operating system experience (Windows, Linux); cloud environment knowledge (AWS, Alibaba Cloud); report preparation skills; and experience with scripting languages such as Python, Bash, or PowerShell.

Is experience with Splunk necessary?

Yes, candidates must have experience in Splunk Admin tasks such as data parsing and indexing.

Will I need to work outside of regular business hours?

Yes, candidates should be able to work outside of regular business hours to promptly respond to incidents.

What tools and technologies should I be familiar with?

Familiarity with intrusion detection systems, SIEM solutions, Google products, Infrastructure as Code tools like Terraform, and Cloud Native applications (Kubernetes, Docker) is advantageous.

How important is teamwork for this position?

Teamwork is crucial, as the role involves close coordination with IT, security, legal, and compliance teams to ensure an organized incident response effort.

What benefits does GCash offer for this role?

GCash offers opportunities for career growth, a highly competitive and flexible compensation and benefits package, and a collaborative work environment with a dynamic team.

Do I need to have experience in compliance frameworks like ISO27001 and PCI-DSS?

Yes, candidates must have handled either or both ISO27001 and PCI-DSS certifications as part of their information security experience.

What is the job ID for this position?

The job ID for this position is R0000014273.

Realizing a vision of a cashless society leading to Finance for All.

Industry: Finance
Employees: 501-1000
Founded: 2015

Mission & Purpose

Mynt is the first and only duacorn in the Philippines. It's a leader in mobile financial services focused on accelerating financial inclusion through mobile money, financial services, and technology. Mynt operates two fintech companies: GXI, the mobile wallet operator of GCash — the #1 Finance App in the Philippines, and Fuse Lending, a tech-based lending company that gives Filipinos access to microloans and business loans. Mynt, through its fintech operations, is a staunch supporter of the United Nations Sustainable Development Goals (SDGs), particularly UN SDGs 5, 8, 10, and 13, which focus on safety & security, financial inclusion, diversity, equity, and inclusion, as well as taking urgent action to combat climate change and its impacts, respectively.