Security Information and Event Management (SIEM) Jobs

As one of Malaysia's top app development companies, Snappymob helps top brands in Malaysia and around the world turn their ideas into reality. Our clients span from startups to multinationals across many industries including finance, media, healthcare, energy, and education.

We are simply passionate about creating impactful digital products.

We achieve this by pairing awesome user experience design and solid software engineering. We work hard to help our clients achieve success – while providing them with honest, no-nonsense advice. Our work has reached the hands of millions of users!

Role

As a Backend Developer at Snappymob, you'll be an integral member of the software engineering team that designs and develops world-class applications. You'll be working on mission-critical software applications that are relied on by our customers to be highly reliable and performant. You will develop and implement programs and processes to reduce information security risk and strengthen Snappymob’s security posture.

You'll be working closely with other engineers and team members to work on delightful applications and features that make a big impact on users. We're looking for people who share our passion for writing great software; love making use of best practices in our software development process; have fantastic attention to detail; and love to learn.

Responsibilities

• Architect, design, and develop hunting exercises to detect and respond to threats. 
• Develop anomaly detection dashboards and reports to identify potential threats.
• Monitor for security indicators by correlating and analysing a variety of security logs.
• Resolve accurate remediation actions and critical issue paths for security incidents · Develop scripts to support the automation of the detection and incident response process.
• Recommend new and emerging security solutions and technologies.
• Deliver self-service security metric data of discovery, triage, and analysis of team findings
• Windows, Linux, and standard network processes and protocols
• Scripting languages such as Python, Perl, and PowerShell
• Operational security tools and practices like SIEM, IDS, firewalls, and third-party products

Requirements

• 2 or more years of experience as a security engineer.
• Demonstrable passion in full stack engineering.
• Focus on continuous knowledge-seeking and improvement.
• Ability to think critically, analyze and break down problems into manageable components.
• Strong attention to detail.
• Ability to communicate and work well with others.

Advantages

• Experience with e-commerce platforms: Magento, WooCommerce, etc.
• Experience with content management systems: Drupal, WordPress.
• Experience with self-hosting cloud services (e.g. NextCloud, Gitlab, Gitea),  or other SysAdmin-related tools/services (e.g. Wireguard).
• Experience with containerization and orchestration solutions, e.g. Docker and Kubernetes.
• Experience in at least one backend framework: SpringBoot, NestJs, .NET or Laravel.
• Experience in at least one frontend framework: NextJs, Vue.js, React or Angular.

1.Triage of security alerts that includes but not limited to malware, denial of service, unauthorized access, etc.

2. Conduct incident investigations on SIEM tools.

3. Perform threat hunting on networks to detect and isolate threats.

4. Knowledge of various security methodologies and processes, and technical security solutions (firewall, packet analysis, SIEM and intrusion detection systems)

5. Continuous optimization, tuning and monitoring of SIEM solution

6. Hands on experience around administrating and threat hunting on EDR, XDR, DLP and SIEM tools.

7. Ability to analyze endpoint, network, and application logs

8. Identify false positives, analyse reported spam, phishing, and suspicious emails and understanding of email security concepts: SPF, DMARC, DKIM

9. Immediate Joiners

We are looking for a capable System Administrator to take over all aspects of the configuration and maintenance of computer systems. A System Admin should be able to diagnose and resolve problems quickly and should have the patience to communicate with a variety of interdisciplinary teams and users.

Monitoring and reporting all points mentioned below.

Ensure Security updates are installed:

• Regularly checking whether the Antivirus software is updated for users.
• Regularly monitor platforms like Google to ensure everybody is using up-to-date applications with no security issues.
• Regularly Email users about the security updates that they need to install on their laptops and PCs.

Antivirus

Centrally managed antivirus should be installed on all laptops and mobile devices. 

• Adding a purchase request for any additional licence that we might require.
• Pushing new software updates on users’ laptops.
• Keeping up-to-date with antivirus updates so all our devices are secure.
• Miradore user agent 

Mobile device and access management

• Set rules and configure settings on personal and organisation-owned devices to access data and networks.
• Deploy and authenticate apps on devices -- on-premises and mobile.
• Protect company data by controlling the way users access and share information.
• Make sure devices and apps are compliant with security requirements.
• Only provide user access to laptops (No admin access, excluding developers)
• All new software installation requests will go through the system admin to make sure nothing is installed on work laptops that poses a security risk.

Vanta compliance-related tickets

• Vanta will continue to monitor and create issues to be compliant with ISO 27K over time. The system administrator must resolve all such system-related tickets.

Access management to different user applications

• Access should be restricted to only what is necessary to perform job duties ("principle of least privilege").
• Technical access to all the company’s networks must be formally documented, including the standard role for approver, grantor, and date.
• Only authorised employees and third parties working off a signed contract or statement of work, with a business need, shall be granted access to the company’s production networks.
• The company’s guests may be granted access to guest networks after registering with office staff without a documented request - guest network management.

Removal media encryption

• Research removable media encryption and figure out if removable media should be implemented and make sure it is always encrypted.

MFA reset and debugging

As we are enabling MFA for more and more applications that we have, more people are likely to have issues with it as the business moves forward. 

• Different online applications will have different ways of handling the MFA reset; a system admin should be familiar with all.

Website watcher configuration and email issues

• Software like Website Watcher keeps having email issues, as it sends emails in huge numbers every day. The system administrator must keep an eye on the emails and fix issues promptly as and when they arise.

Office network management

• System admin can help in creating guest networks in the office and making sure that the network is as secure as possible.

Phishing emails

• Finding the optimal solution to prevent phishing emails from getting delivered.
• Verifying emails sent by our staff to check for phishing emails.

Security incidents handling

• System admin must monitor incident and event tickets and assign severity tickets.
• Continuous checks to ensure the security incident policies are being followed and up to date
• A root cause analysis report must be documented and referenced in incident tickets.
• A central "War Room" will be designated for handling security threats. This may be a physical or virtual location  (i.e., Slack channel) and managed by the system admin.
• Conducting recurring Incident Response Meetings until the incident is resolved (as per the company's established norms)

Implement password policy

• Password policy must be in place to ensure that users are using secure passwords that are not easily crackable.

Add-ons:

• Devops is a plus point

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation.
Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.

F5 is looking for a Sr. Security Engineer with experience in building, integrating, operating, and maintaining robust security monitoring and auditing systems. F5’s Edge 2.0 platform provides global, scalable, and secure way to deploy applications. In this position, you will build and maintain monitoring and audit systems across the platform that provide necessary visibility and alerts to effectively defend the platform.

Responsibilities:

• Collaborate with software architects, security defenders, Operations, SRE, compliance experts, and business leaders to understand the logical boundaries of the systems and identify the events to monitor, audits to maintain, alerts to tweak, as well as systems to integrate with
• You will continuously hunt for areas and metrics to be added into monitoring systems for better operational visibility, incident response capability, availability, and forensics capability of the overall platform
• You will participate in the definition of processes around change and inventory management and develop solutions to audit the changes
• You will work with other teams within security organization to define communication and alerting protocols for effective and timely actions
• You will participate in defining and executing the Incident Response Plan for the platform and be responsible for providing necessary information during the response and forensics
• Demonstrate technical leadership in multiple domain areas, providing mentorship to other team members

Minimum qualifications:

• BS degree in Computer Science or equivalent with 5+ years of security operation and monitoring experience
• Experience with logging, monitoring, SIEM, dashboarding tools like AWS GuardDuty, Sumo, Grafana, SolarWinds, DataDog, Splunk, etc.
• Working knowledge of at least one Cloud Computing platform (e.g. Amazon AWS, Microsoft Azure, Google Compute etc.)
• Good understanding of how to handle logs from various systems, integrate with systems handling logs and metrics, how to setup and tune alerts based on thresholds and policies
• Hands on experience with computer programming languages and/or scripting languages such as Python, Java, Shell
• Good understanding of complexities and security challenges in large-scale distributed systems
• Working knowledge of Cloud orchestration systems such as Kubernetes, Openstack etc.
• Self-motivated and willing to delve into new areas and take on new challenges in an enthusiastic manner
• Excellent written and verbal communication skills
• Strong interpersonal, team building, and mentoring skills

Job Description

Cyber Threat Intelligence & Threat Hunting - Subject Matter Expert (B3-2)

Responsibilities:

Perform threat research, create actionable threat advisories, and derive hunting queries based on the evolving threat vectors.

Understand APT groups, Conduct deep dive technical analysis of cyber-attack tools, tactics, and procedures. Create hypothesis and perform active threat hunting.

Minimum Requirements:

10+ years of overall experience, 7+ years of experience in cyber threat intelligence, malware analysis (Reverse engineering)

Hands-on experience with writing threat hunting hypothesis & active threat hunting

Experience with YARA rule and OpenIOC signature creation.

Experience with multi-tiered mission-critical systems.

Experience in opensource sandbox and honeypots.

Preferred Certification

GIAC Cyber Threat Intelligence (GCTI)

C| TIA (Certified Threat Intelligence Analyst)

CCTIA by the NICCS

Responsibilities:

The Senior Information Security Engineer is responsible for the implementation, execution and maintenance of technology solutions to mitigate risk, to protect the IT and Engineering environments by reducing the probability of, and to minimize the effects of, damage caused by malware, malicious activities and security events.

The individual will help protect the company by deploying, tuning, and managing security tools across the computing environment, as well as provide security incident response cycle support. They should have a passion and skills for identifying the latest cyber threats. The individual will:

Basic Qualifications

• Working knowledge of infrastructure-as-code and CI/CD pipelines tools (i.e. Jenkins, Teamcity, CircleCI etc..)
• Lead and participate in major day-to-day operational aspects of the security engineering team including improvement of current security controls while constantly identifying areas of needed improvement
• Deep hands-on security experience with cloud providers, such as AWS, GCP, Azure
• Understanding of automated security testing approaches and tools
• Experience with proactive integration of security into the development process
• Lead continuous improvement efforts of out security tools and systems (Concertation on SIEM, IDS, EDR Tools)
• Work with our customers (Security Operations, Incident Response, and Product teams) to incorporate high quality security alerting into their operational workflows
• Improve overall security practitioner efficiency through process automation
• Foster and promote collaboration among all members of the IT, Infrastructure, and Risk Management Departments.

Minimum Qualifications/Requirements

• BS or MS in Computer Science or related field
• Minimum 7+ years of cybersecurity experience
• Must have previous experience performing threat hunting and incident response duties using SIEM tools, cybersecurity management consoles, and ticketing systems
• Experience in deployment, development, and maintenance of SIEM
• Experience writing and using Ansible server administration scripts, and create simple Python, BASH, or Powershell scripts to automate cybersecurity functions
• Scripting experience to automate security operations, alerting, and compliance checks, CI/CD design, deployment, and management
• Experience with managing endpoint response and detection infrastructure and endpoints at the enterprise level, including performing upgrades to the back end application and deploying new agent versions to endpoints
• Understanding the investigative process and performing triage for cybersecurity incidents
• Experience maintaining industry leading security technologies or infrastructure systems in complex technical IT operations environment
• Must be detail-oriented and organized with ability to handle competing demands while meeting deadlines
• Experience in authentication protocols and frameworks to include OAuth, and AWS IAM
• Proactive and motivated; team player with a positive can-do attitude
• Strong analytical/problem-solving skills and cross-functional knowledge across multiple IT operational and security disciplines
• Ability to communicate technical concepts to a broad range of technical and non-technical staff
• Must possess a high degree of integrity, be trustworthy, and have the ability to lead and inspire change

What you will be doing:

• Participate in network and security initiatives, network designs, project plans, and deployments as well as coordinating technical issues with vendors and internal teams
• Contribute to design, installation, maintenance, vulnerability remediation, and monitoring of network and security systems
• Responsible for expert-level troubleshooting of any problems relating to global issues - participation in security incident management and response.
• Providing support and guidance to Technology teams across network and security technologies.
• Adhere to IT access-management incident response and change control procedures (ITIL)
• Continuous documentation of the IT network infrastructure including technical specifications, design documents, roll-out, and disaster recovery plans

What we are looking for:

A Network Security engineer with a solid comprehensive background in:

• Ability to manage, supervise and delegate multiple tasks
• Strong experience with SIEM and log management
• EDR (Endpoint Detection and Response - especially in Microsoft ATP, Defender or SentinelOne) configuration and management.
• Vendor management; including SOC (Security Operations Centre) providers
• Global Security Incident management support
• Experience in SD-WAN (Meraki) management and troubleshooting
• Knowledge of network security, hardening network equipment, and vulnerability scans
• Experience in Microsoft security and endpoint management tooling such as MCAS and MEM
• Excellent troubleshooting skills. Ability to rapidly identify respond to and resolve issues
• Proven experience in remote access technologies (ZScaler an advantage)
• Excellent communication skills (written and verbal).
• An ability to work under pressure and take ownership of tasks and customer issues.
• Ability to work individually and as part of a global Infrastructure Technology team with regional teams in India, UK and North America.

Information Security Specialist

Notice Period: 45 days / Immediate Joining

Banyan Data Services (BDS) is a US-based data-focused Company that specializes in comprehensive data solutions and services, headquartered in San Jose, California, USA. 

We are looking Information Security Specialist who has the expertise and deep knowledge of Information security regulations, compliance, and SIEM tools, and the ability to develop, describe and implement Security Baselines and Policies.

It's a once-in-a-lifetime opportunity to join our rocket ship startup run by a world-class executive team. We are looking for candidates that aspire to be a part of the cutting-edge solutions and services we offer that address next-gen data evolution challenges. 

Key Qualifications

· Design, deploy, and support Information Security Solutions provided by BDS

· Assist clients to carry out the IT Risk Management assessment on both on-prem and cloud platforms

· Provide subject matter expertise on IT security compliances during the security audits to meet various security governances.

· Research and strategic analysis of existing, and evolving all IT and data security technologies

· Establish baselines to define required security controls for all infrastructure components and application stack

· Follow latest vulnerabilities and threats intelligence updates across a wide range of technologies and make recommendations for improvements in the security baselines.

· Overseeing security event monitoring, understand the impact, and coordinate remediation efforts

· Create and optimize the SIEM rules to adjust the specification of alerts in responding to incident follow up

· Must be able to work a flexible schedule during off-hours

Key Skills & Qualification

· Minimum of 4 years relevant work experience in information/cyber security, audit, and compliance

· Certifications in any of technical security specialty (e.g., CISA, CISSP, CISM)

· Experience in managing SIEM products like Arcsight, Qradar, Sumo Logic, RSA NetWitness Suite, ELK, Splunk

· Exposure of the security audit tools on public cloud platforms

· Solid understanding of the underlying LINUX/UNIX and Windows OS security architecture

· Certified Ethical Hacker would be a plus

· Handling of Security audits is a must

· Proven interpersonal skills while contributing to team effort by accomplishing related results

· Passion for learning new technologies and the ability to do so quickly.

www.banyandata.com  

We are seeking a Security Program Manager to effectively drive Privacy & Security Programs in collaboration with cross functional teams. You will partner with engineering leadership, product management and development teams to deliver more secure products.

Roles & Responsibilities:

• Work with multiple stakeholders across various departments such as IT, Engineering, Business, Legal, Finance etc to implement controls defined in policies and processes.
• Manage projects with security and audit requirements with internal and external teams and serve as a liaison among all stakeholders.
• Managing penetration tests and security reviews for core applications and APIs.
• Identify, create and guide on privacy and security requirements considering applicable Data Protection Laws and implement them across software modules developed at Netmeds.
• Brainstorm with engineering teams to figure out how privacy and security controls can be applied to Netmeds tech stack.
• Coordination with Infra Teams and Dev Teams on DB and application hardening, standardization of server images / containerization.
• Assess vendors' security posture before onboarding them and after they qualify, review their security posture at a set frequency.
• Manage auditors and ensure compliance for ISO 27001 and other data privacy audits.
• Answer questions or resolve issues reported by the external security researchers & bug bounty hunters.
• Investigate privacy breaches.
• Educate employees on data privacy & security.
• Prioritize security requirements based on their severity of impact and product roadmap.
• Maintain a balance of security and business values across the organisation.

 Required Skills:

• Web Application Security, Mobile Application Security, Web Application Firewall, DAST, SAST, Cloud Security (AWS), Docker Security, Manual Penetration Testing.
• Good hands-on experience in handling tools such as vulnerability scanners, Burp suite, patch management, web filtering & WAF.

• Familiar with cloud hosting technologies (ex. AWS, Azure). Understanding of IAM, RBAC, NACLs, and KMS.

• Experience in Log Management, Security Event Correlation, SIEM.
• Must have strong interpersonal skills and should be able to communicate complex ideas seamlessly in written and verbal communication.

Good to Have Skills:

• Online Fraud Prevention.
• Bug Bounty experience.
• Security Operations Center (SOC) management.
• Experience with Amazon AWS services (EC2, S3, VPC, RDS, Cloud watch).
• Experience / Knowledge on tools like Fortify and Nessus.
• Experience in handling logging tools on docker container images (ex. Fluentd).

• Monitors alerting tools and also handles escalated incidents from Helpdesk, Desk Side Team (Desktop Support), Network Team and end users.
• Triages alerts as they come in and action appropriately
• Respond to common alerts in a consistent and repeatable manner from multiple alerting sources
• Responsible for triage of C2 alerts, Phishing attempts & AV Alerts and botnets which will make up the majority of the day to day threats
• Provide escalations of unknown threats to Level 2
• Identify security events and trigger the call list / distribution list.

• Understanding security policy and compliance considerations
• Possess solid understanding of enterprise grade technologies including operating systems, databases and web applications.
• Ability to read and understand system data including security event logs, system logs, application logs, and device logs, etc.
• Demonstrate capabilities for network traffic analysis for identifying any developing patterns.
• Network infrastructure knowledge.
• Knowhow of diverse device configurations and underlying principles
• Security configuration knowledge
• Experience of data management and inherent considerations including privacy laws, data protection laws, etc.
• Experience of working in high performing teams and understand the dynamics of teamwork in a SOC environment.
• Experience of performing vulnerability scans in a professional environment is preferable.

• Splunk
• Tenable Nessus
• FIRY EYE HX

• CEH
• ISO27K (Preferred)

Security Monitoring and Operations (SIEM)
Security Solutions design and deployment
IDAM - Identity and Access Management Experience
Network Monitoring and Management Experience
VAPT - Vulnerability Assessment and Penetration Assessment
Experience on DLP and Endpoint Security
Knowledge on Encryption 
Experience in performing Maturity Assessment for identifying the security gaps and recommending measures to fix the gaps
Experience in Audit controls and applying security measures (ISO, PCI etc..)
Knowledge in automation and scripting