SOC Security Expert (L2)
A global AIoT software leader in Net Zero, Envision Digital is committed to becoming the world’s leading net zero technology partner for enterprises, governments, and cities to accelerate progress and improve their citizens’ quality of life.
EnOS™, Envision Digital’s proprietary AIoT operating system, connects and manages more than 110 million smart devices and 360 gigawatts of energy assets globally. Envision Digital’s growing ecosystem of more than 360 customers and partners spans 10 industries and includes Accenture, Amazon Web Services, GovTech Singapore, IBM, Keppel Corporation, Microsoft, Nissan, PTT, Solarvest, Total and ST Engineering. The company has close to 900 employees and 12 offices across the United Kingdom, France, Germany, the Netherlands, Norway, Japan, Thailand, China, and the United States, with headquarters in Singapore.
For more information, please visit www.envision-digital.com/
SOC Security Analyst
Envision Digital International (EDI) is seeking a Level 2 SOC Analyst who will join our Cyber Security Operations Center team. This is an intermediate role that works closely with the internal CERT on incident response.
The L2 SOC Analyst is an operational role, focusing on real-time security event monitoring and security incident investigation. As an L2 SOC Analyst, you will proactively hunt for security threats and risks involving EDI's infrastructure.
The candidate will be required to work rotating 24/7 shifts in the Cyber Security Operations Centre at the Envision Digital office.
Responsibilities:
- To monitor security alerts from various sources such as the Security Information and Event Management (SIEM) platform and action them through the SOAR platform
- To manage alerts and incidents through all phases (triage, investigation, mitigation and remediation), write incident reports and implement lessons learned
- To create and update playbooks and standard operating procedures and protocols
- To assist in the development and fine-tuning of SOC tools and systems, such as SIEM detection rules and SOAR actions and playbooks for automation
- To participate in security projects by reviewing them and providing recommendations, and to improve security policies and procedures
- To train and mentor Level 1 Analysts and new team members, sharing knowledge and experience and providing support for complex incidents
- To review and ensure the quality of cases handled by L1 SOC Analysts
- To liaise directly with DFIR and conduct forensic analysis for escalated incidents and participate in root cause analysis to prevent future occurrences
- To ensure all activities adhere to regulatory compliance and security policies and participate in compliance audits as required
- To liaise with Security Engineers to maintain, improve and implement security tools as needed
- To participate in the development and delivery of security awareness training for employees
- To escalate in a timely manner when the alerting SLA is not met
- To collaborate with other teams (like IT, HR, Legal) to ensure organizational readiness and response to security incidents
- To generate regular and ad-hoc reports summarizing the performance of SOC operations and identified threats.
- To conduct proactive threat hunting activities to detect new, previously undetected and emerging threats
- To perform risk assessments on user requests and various business needs
Qualifications & Experience:
- At least 5 years of working experience in incident response, digital forensics or other advanced SOC activities
- Good understanding of security best practices and concepts, architectures and platforms
- Knowledge of Windows and Unix-based systems/architectures and related security
- Knowledge in Public Cloud security
- Automation and scripting abilities (e.g. PowerShell, Python)
- Experience with security use case definition according to ongoing threats
- Required to be on 24/7 standby; working hours are duty-rostered shifts across 7 days a week, with 2 days off per week
Will be a plus:
- Certifications in Cyber Security
- Experience in defining Threat Hunting analytics (network and endpoints)
- Experience in penetration testing (PT) and attack simulation
- Understanding of and familiarity with CERT, NIST, CIS, ISO 27001 and MITRE frameworks
- Knowledge of embedded systems/IoT