#SGUnitedJobs Intrusion Analyst

  • Job Category
    Information Technology, Public / Civil Service
  • Job level
    Middle Management
  • Contract type
    Full Time

Job Description

The Government IT Security Incident Response (GITSIR) team’s objective is to support the IT Security Incident Framework for the Government. It is the primary point of contact for all security incidents in the Government and serves as a central interface for coordinating with external parties such as other government agencies, external organisations, Internet Service Providers and law enforcement. The Incident Response Team (IRT) is part of the Government IT Security Incident Response team within the overall Protect, Detect and Respond (PDR) Operations of the Government Cyber Defence (GCD) team. The team offers technical assistance and advice on investigating, resolving and recovering from security incidents, with the aim of minimizing the impact to the Government.

As an Intrusion Analyst, you will be a key individual contributor responsible for initial analysis, monitoring and escalation of security events detected from controls. You will partner with security incident response officers from lines of business organizations to triage security events and report on impacting security initiatives. You will also be responsible for mentoring and developing the skill sets of less experienced team members, and for developing and implementing processes or controls in support of security incident response. The successful candidate will take rotational on-call duties as required.

What to Expect:

  • Responsible for monitoring and analysis of cyber threats; assisting users remotely in handling and resolving reported security incidents, answering queries concerning published security advisories
  • Able to perform analysis effectively, identify the root cause and escalate the incident to the next level, if necessary
  • Deliver messages across a wide spectrum of individuals having varying degrees of technical understanding
  • Working in tandem with the Ministry and Agency CISOs to support their initiatives and achieve Whole of Government goals
  • Identify, escalate and debate all security risks in line with the IT Security Incident Framework
  • Analyse events/metrics and escalation data, identify patterns and trends on high risk controls and proactively suggest, develop and implement enhancements to reduce risk
  • Demonstrates a commitment to learning and adjusts to changing demands and requirements
  • Commits to meeting the expectations and requirements of both external and internal business partners
  • Handles active security events and highly current threats; on-call and after-hours work can be expected, although we rotate to approximately one week every month
  • Utilize new intelligence to update existing controls and detect new threats against the Whole of Government

How to Succeed:

  • Bachelor or Master of Computer Science or Electrical/Computer Engineering or equivalent
  • At least 3 years of experience in Cyber Security Incident Response role, with strong Intrusion Analysis background and must be able to identify and interpret weblogs from various webservers
  • Strong knowledge of current exploits, common network protocols, Linux and Windows operating systems
  • Familiar with scripting languages and regular expressions
  • Working knowledge of enterprise Client / Server architecture
  • Good knowledge of TCP/IP, SSH and HTTP protocols
  • Experience doing packet captures and interpreting them (e.g. Wireshark)
  • Understanding of stateful firewalls and able to interpret firewall rules
  • Able to interpret SQL, Apache web logs, IIS, Active Directory and other security logs
  • Full understanding of modern web site deployments and technology
  • Familiarity with web application attacks including SQL injection, cross-site scripting, and remote file inclusion
  • Able to adapt communication style to the audience and work independently on initiatives with little oversight
  • Singaporeans only.

Closing on 19 Jul 2021