Cybersecurity – incident response
As part of a dedicated incident response consulting team, your role will involve building, developing and overseeing the Cybersecurity Incident Response capability for this rapidly expanding security consultancy.
You will be expected to maintain deep, up-to-the-minute knowledge of the latest developments in the global cybersecurity threat environment to enable you to respond immediately and effectively to cybersecurity attacks that may affect clients’ business processes, data and infrastructure.
- Work as a core team member of the company’s cybersecurity incident response capability in Hong Kong and, as required, in other territories.
- Lead and/or act as the primary technical expert in cybersecurity incident response investigations.
- Work with clients to actively recommend and execute cybersecurity hygiene and other actions to evade, build immunity to, and pre-empt cyber-attacks.
- Identify and validate breached and compromised systems and take action to stop attacks from spreading across the client infrastructures.
- Conduct forensic investigations to identify and document data, resources, processes, and people compromised via cybersecurity incidents and recommend actions to repair, restore, cleanse, or compensate affected assets, persons, or organizations.
- Produce regular cybersecurity threat and incident reviews, along with periodic threat intelligence digests, that can be understood by non-technical persons.
- Assist clients in preparing contingency plans and checklists designed to expedite diagnosis and effective response to cybersecurity incidents and compromises.
- You may be expected to maintain out of hours availability to respond to cybersecurity incidents and emergencies.
- 3-10 years’ experience in front line cybersecurity roles.
- Expert knowledge of tools and techniques used to conduct disk forensics, network forensics, log analysis and malware triage in support of incident response examinations.
- Ability to quickly develop a thorough understanding of physical computing assets, software, and third party (i.e. “IaaS, PaaS and SaaS”) services deployed at client premises and their potential points of compromise and failure.
- Familiarity with the tactics, techniques and procedures (TTP) of threat actors and the ability to develop scripts and create tools for quick identification of threat agents in a compromised network.
- Bachelor’s degree, or higher, in computer science, electronic engineering, or equivalent subject areas with formal training in cybersecurity, digital forensics, and/or data protection.
- Current holder of CISSP (Certified Information Systems Security Professional) and/or GIAC (Global Information Assurance Certification, such as GCIH or GCFA) – or equivalent. Additional cybersecurity-related certifications are advantageous.
- Fluency in English and Cantonese