Location: Hong Kong, Hong Kong

Thales is a leading multi-domestic electronics and systems group, addressing Defence and Security, Aerospace and Ground Transport markets worldwide. State-of-the-art technologies combined with the expertise of 64,000 employees in 56 countries make Thales a key player in assuring security of people, assets, infrastructures, cities and nations.
Responsibilities:
• Proactively monitor systems for malicious activity and intrusions, using real-time data from various sources.
• Identify and eradicate attackers using network analysis skills.
• Maintain and update operational documentation, such as automation, incident response, and playbooks.
• Implement cyber defense processes in collaboration with customers.
• Analyze cybersecurity events to resolve issues and enhance incident handling procedures.
• Use threat intelligence to drive defense strategies.
• Investigate and handle escalated events and incidents in collaboration with customers.
• Tune detection tools for accurate alerts and minimize false positives.
• Provide practical recommendations based on threats and vulnerabilities.
• Create comprehensive reports and documentation.
• Assist with technical setup and ensure customer satisfaction.
• Act as a direct point of contact for customers, keeping them informed.
• Stay updated on cyber developments and trends.
• Availability for on-call duties as needed.
Requirements:
• Minimum 5 years' experience in a cyber defense environment, including implementing and managing security monitoring and response in complex organizations.
• Operational experience in SOC, CSIRT, or CERT function.
• Knowledge of industry frameworks (MITRE ATT&CK, Cyber Kill Chain, NIST) for improving security monitoring and detection.
• Ability to determine security system functionality and assess the impact of changes in conditions, operations, or the environment.
• Proficient in consuming threat intelligence to enhance defense capabilities.
• Skilled in investigating and leading the response to cybersecurity events and incidents.
• Experienced in developing and deploying signatures and correlation rules across various platforms.
• Familiarity with mission-critical operations teams, Linux, Windows, and Cloud environments.
• Experience in using scripting languages for automation and data manipulation; programming experience is advantageous.
• Proficient in consuming threat intelligence to detect potential cybersecurity events and incidents.
• Skilled in using security analytics tools to gather contextual data for comprehensive event assessment.
• Effective utilization of SIEM/MDR solutions and security analytics platforms to identify events requiring further investigation.
• Ability to recognize and categorize vulnerabilities and associated attacks.
• Excellent written and verbal communication skills to influence customers and minimize cyber risk through monitoring, detection, and mitigation.
• Strong understanding of information security management concepts, log parsing & management, security orchestration & automation, incident response processes, playbooks development, threat hunting, and attack vectors.
• Familiarity with network architecture, security infrastructure placement, computer network systems, and necessary controls.
• Deep knowledge of cyber defense operations, best practices, processes, defense systems, security analytics tools, and network protocols.
• Proficiency in operating systems (Linux/Unix, MacOS, MS Windows) and command line tools.
• Articulate in written and verbal communication in English. Fluency in additional APAC-region languages will be favourably considered.
At Thales we provide CAREERS and not only jobs. With Thales employing 80,000 employees in 68 countries our mobility policy enables thousands of employees each year to develop their careers at home and abroad, in their existing areas of expertise or by branching out into new fields. Together we believe that embracing flexibility is a smarter way of working. Great journeys start here, apply now!