- Perform proactive monitoring for security log events for customers in 24x7 mode. (Splunk, SIEM, TrendMicro (EDR/IPS/etc) and others 3rd Party software).
- Escalate validated and confirmed incidents to designated incident response team.
- Notify Client of incident and required mitigation works.
- Fine-tune SIEM rules to reduce false positive and remove false negatives / analysis and response to previously unknown hardware and software vulnerabilities.
- Collect global threat intelligence and internal threats then inject actions based on analysis and recommendation.
- Provide advisories and threat intelligence based on new trends, threats, emerging campaigns, malicious attacks, hacker group.
- Proactively research and monitor security information to identify potential threats that may impact the organisation.
- Develop and distribute information and alerts on required corrective actions to the organisation.
- Learn new attack patterns, actively participate in security forums.
- Understand the structure and the meaning of logs from different log sources such as FW, IDS, Windows DC, Cisco appliances, AV and antimalware software, email security etc.
- Perform threat intel research.
- Ability to run and understand Sandbox Static Analysis.
- Track and update incidents and requests based on client’s updates and analysis results.
- Investigating, documenting, and reporting on any information security (InfoSec) issues as well as emerging trends.
- Assist the Level 2 with monthly and ad-hoc reporting - responsible for completing statistical and status reports, as well as providing fast and timely responses.
- Perform as an escalation point for all incidents relating to potential security.
- This position required to work on shift by rotation.

- Undergraduate in Computer Security, Computer Forensics, Network Security or equivalent are encouraged to apply.

Email to: layhar@lifetech.com.my