Security Incident Responder (IR):


The Security Incident Responder (IR) is responsible for identifying, triaging, responding to, containing, reporting on, and recovering from security incidents. The role helps organizations by focusing on resolving security incidents in a timely and appropriate manner, providing clear visibility and traceability throughout the process.


This IR capability is heavily process focused and describes how a Cyber Security program should handle a security incident, including appropriate communication across the company.


Security Incident Management utilizes all the other capabilities identified in the Logical Operating Model in order to identify, triage, and respond to a security incident. It also provides an extension, with continuous improvement, to the IR playbook process already in place within the SCBX group organizations.

Key responsibilities include, but are not limited to:

  • Establish a consistent approach to handling security incidents under the committed OLA, SLA, and MTTX matrix.

  • Effectively and efficiently contain and eradicate cyber threats with all subsidiaries.
  • Recover impacted assets from technical and business damage done by cyber threats.
  • Develop and distribute security incident reports to all key stakeholders.
  • Incorporate root cause and lessons learned into an improvement plan.
  • Strengthen processes and maturity of Group security operations.
  • Continuously improve security incident operations.
  • Perform security incident identification, triage and response with MS Sentinel SIEM and SOAR, covering 24x7 detection and analysis, containment, eradication and post-incident investigation for high, rather high, moderate, rather low and low severity incidents.

  • Access internal or external IR specialists to support digital forensics investigations and the IR team, and conduct threat hunting using Microsoft Sentinel to proactively identify threats in the environment.
  • Gather cyber threat insights on security incidents through governance reporting covering weekly operational reports, monthly tactical reports and quarterly management reports.
  • Review use-case onboarding and continuous optimization to comprehensively detect threats across all subsidiaries' environments.
  • Work smoothly with the outsourced SOC operations team under the SCBX Cyber Defense Operating Model.

  • Support subsidiaries in containing and resolving security incidents within the MTTC SLA.
  • Maintain and update security incident response playbooks and runbooks with acknowledgement from all subsidiaries.
  • Develop, design and participate in cyber tabletop exercises.

Requirements include, but are not limited to:


To be successful in this role, you should have experience in most of the following:

  • 5-7 years' experience in cyber security incident response or SOC environments. Experience in the financial industry is a plus.

  • Strong knowledge of cyber security principles and practices, including vulnerability assessment, incident response, and SOC architecture. Related cyber/IR certifications are a plus.

  • Strong knowledge of security threats, attack countermeasures and threat detection/prevention/mitigation, with the skills to apply it.
  • Working experience in a SOC (Security Operations Center), with hands-on experience of Automated Analytic Rules and Automation Playbooks on MS Sentinel.

  • Experience with a variety of cyber security tools such as SIEM, EDR, firewall and IPS, and with SOC technologies. Excellent analytical and problem-solving skills.
  • Hands-on experience in provisioning and interpreting log and network packet data, and in cloud environments.
  • Ability to work independently and as part of a team.
  • Ability to communicate complex technical concepts to both technical and non-technical audiences in both Thai and English.

  • Experience in multi-vendor management.


Join our team and contribute to ensuring the best availability and efficiency of our Cyber Defense strategy and Cyber Defense Operating Model.


Apply today to play a crucial role in safeguarding our organization's security.

Required experience
  • No minimum experience specified
Salary
  • Negotiable
Job function
  • Security
Job type
  • Full-time

About the company

Number of employees: 100-500
Company type: Finance and banking
Company location: Bangkok
Website: www.scbx.com
Founded: 1906


Head office: 9 Ratchadaphisek Road, Chatuchak District, Bangkok 10900