IT Security (Security Operations-Threat Intelligence)

Role Summary

Plans, organizes, directs, controls and evaluates the activities of the cybersecurity operations center (KKPFG’s Threat Collaboration Environment) within an organization. Employed throughout the public and private sectors.  

Role and Responsibilities / หน้าที่ความรับผิดชอบ: 

• Responsible for Security Operations and Cyber Threat Intelligence (KKPFG’s Threat Collaboration Environment) Strategy.
• Provides immediate and detailed response activities to mitigate or limit unauthorized cybersecurity threats and incidents within an organization. This includes planning and developing courses of action; prioritizing activities; and supporting recovery operations and post-incident analysis.
• Plans, organizes, directs, controls and evaluates the activities of the cybersecurity operations center (KKPFG’s Threat Collaboration Environment) within an organization. Employed throughout the public and private sectors.
• Responsible for identifying, isolating, mitigating, and reporting critical incidents in a timely and effective manner

·       Maintain situational awareness of escalated events and alerts, tools status, vulnerability status, forensics and malware investigations, intelligence status, and all other SOC functions

• Manages watchlist and alerts assigned to technicians/analysts/engineers (quality and volume)

·       Manages and assists a team of analysts, engineers, and technicians by providing guidance, mentoring, and performance feedback

·       Develops and maintain system monitoring, process, policies, and procedures including documents standard operating procedures (SOP’s)

·       Develops, improves, and maintains procedures and workflows for SOC management, including escalation and notification procedures

·       Develops improves, and maintains metrics to measure the effectiveness of the SOC, including Service Level Targets (SLT) compliance, response times, and customer satisfaction

• Responsible for collecting data and information from various sources in order to identify, monitor, measure and counter cyber threats.
• Provide current, actionable threat intelligence in order to drive comprehensive detection coverage against global/opportunistic and healthcare-specific threat vectors

·       Perform threat hunting across a multi-OS/multi-cloud environment

·       Perform in detection engineering prototyping and prioritization efforts

·       Assist with red team/adversary emulation activities to assess efficacy of existing security controls

·       When required, provide intelligence support for security engineering, risk analysis, and incident-response efforts

Qualifications / คุณสมบัติ:   (ควรเรียงลำดับข้อมูลดังนี้)

• Bachelor or Master’s degree in Computer Engineering, MIS, IT or a related field.
• At least 5 years experiences in cyber security area.
• Professional certificates related to work (e.g. CTIA , CHFI or similar general security certification) is desirable
• A positive, can-do attitude, who naturally expresses a high degree of empathy to others.
• Efficient communication and team- player skills.

Specific knowledge and skill / ความรู้เฉพาะตำแหน่ง: 

• Strong cyber threat intelligence and information security experience in complex organizations
• Strong research, analysis and investigation skills.

·       Prior experience in cyber threats analysis and tracking advanced threat actors.

·       Knowledge of OSINT sources and its use/value.

·       Diamond model and cyber-kill chain understanding and ability to pivot through the phases vertexes of diamond through all intrusion phases.

·       Understanding of intelligence lifecycle and indicator lifecycle.

·       Ability to understand and evaluate incident response data – results of log analysis, packet captures, output of forensic memory and disc examination.

·       Knowledge of types of malware and how they operate, ability to perform simple assessments of malicious files – comfortable with basic static and dynamic analysis

• Experience in system and application security management and control.

·       Experience in facilitating information security risk assessments.

·       Familiarity with cyber security threats, defenses, motivations and techniques.

·       Familiarity with security concerns facing large enterprises.

• Birthday Leave
• Dental insurance (สิทธิการเบิกค่าทันตกรรม)
• Life insurance (ประกันชีวิต)
• Provident Fund
• Staff training and development
• Work from home
• 5-day work week
• Social security
• Health insurance
• Accident Insurance
• Flexible working hours
• Performance/results-based bonus