Senior Cyber Security Engineer

Protecting RHB against advanced cyber threats through proactive detection engineering, continuous threat hunting, and rapid incident response. Design and implement detection logic, lead hunts for known & unknown threats, and respond to incidents to contain and eradicate malicious activity across on-premises and cloud environments. This role will be technical SME for cyber security related matters.

Key Responsibilities:

Solution Engineering

• Maintaining of security solution including Splunk, Imperva and etc. (Task including compliance to patch and obsolescence framework requirement, UAMR etc.)
• Ensure events / logs from all relavant devices are sending to SIEM solution in a complete and accurate manner
• To produce monthly SIEM system health report (completeness and accurate)
• Assist in the design, evaluation, and implementation of new security technologies

Proactive Threat Hunting

• Perform hypothesis-driven threat hunts using advanced analytics, behavioral patterns, and threat intelligence.
• Analyze various logs sources to identify anomalous activities, potential compromises, and previously undetected threats
• Develop and refine hunting methodologies and detection logic to improve visibility and coverage
• Identify gaps in IT infrastructure by mimicking an attacker s behaviors and responses
• Document and communicate hunting results, including risk impact and recommended mitigations.

Detection & Response

• Continuously develop, finetune and review SIEM use cases based on Mitre Attack framework and current threat landscape
• Contribute to the continuous improvement of detection capabilities and automation processes.
• Correlate data from multiple sources (network logs, endpoint telemetry, cloud environments) to detect stealthy or novel attacks.
• Develop dashboards and reports to identify potential threats, suspicious/anomalous activity, internal threat landscape, etc.

Digital Forensic

• Lead response and investigation efforts into advanced/targeted attacks
• Lead in incident response activities such as digital forensic, host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts
• Compile detailed investigation and analysis reports for internal SOC consumption and delivery to management
• Provide expert analytic investigative support of large scale and complex security incidents
• Perform Root Cause Analysis of security incidents for further enhancement of alert catalog

Incident Response

• Lead or support security incident investigations from detection through containment, eradication and recovery
• Perform deep-dive and forensics analysis during ongoing or post-incident reviews.
• Develop post-incident reports and lessons learned to drive improvements in detection and response capabilities

Research and Continuous Improvement

• Stay up to date with emerging threats, attacker behaviors, and cybersecurity trends.
• Develop and maintain custom scripts and tools to automate hunting and analysis tasks (e.g., Python, PowerShell, or Bash).
• Knowledge sharing through internal training sessions and threat briefings
• Mentor junior analysts and engineers on threat analysis methodologies