Cyber Threat Specialist ( ITS05S1069-0 / 50170082 )

Part A: Job Specification

Job Purpose

• Protect the organization’s Information Technology (IT) and Operational Technology (OT) environments by detecting, investigating, and proactively hunting for cyber threats, while bridging intelligence and operations to transform threat data into actionable detections and hunting activities. Work with the SOC team to enhance and strengthen the organization’s overall cyber defence resilience and composure.

Job Context & Major Challenge(s) - I

• Major challenges includes: (1)keeping pace with evolving threat landscape as attackers develop new techniques and strategies, (2) understanding of security operations centre (SOC) 24x7, (3) supporting the Information Risk Management Division Manager in dealing with an increased cybersecurity risk due to the geopolitical situation, (4) contributing to the ongoing continuous improvement of SOC due to the current maturity level and the changing threat level, and  (5) keeping up to date with IT and OT cyber threats to stay ahead of such threats.

Key Job Accountabilities - I

• Perform proactive threat hunting across IT and OT networks using intelligence from the Threat Analysts to uncover stealthy or undetected threats.
• Analyse and correlate security incidents to understand attacker behaviour, techniques, and campaign patterns beyond simple alerts.
• Bridge threat intelligence with detection logic, translating new Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs), and adversary trends into actionable detection content for the SOC Engineers to implement.
• Conduct deep-dive investigations on high-severity alerts, ensuring accurate root cause determination and actionable recommendations. Prepare technical briefings reports summarizing threat findings and lessons learned for management.
• Support incident response teams during containment and eradication phases by providing context on attacker tools, tactics, and infrastructure.
• Collaborate with the SOC Engineers to refine Security Information and Event Management (SIEM) use cases, detection rules, and Security Orchestration, Automation, and Response (SOAR) playbooks based on threat hunting outcomes.

Key Job Accountabilities - II

• Perform malware reverse engineering and behavioural analysis, extracting Indicators of Compromise (IOCs), YARA rules and technical findings to feed into threat hunting and detection development.
• Develop and maintain threat profiles for key adversaries and attack scenarios targeting both IT and OT environments.
• Continuously improve analytical techniques, staying current with emerging threats, tools, and frameworks like MITRE ATT&CK.
• Ensure alignment with legal and ethical guidelines to ensure team activities are authorized and do not compromise company’s integrity or reputation.

Part B: Person Specification - Minimum Requirement

Qualifications

• Bachelor’s degree in information security, computer science or engineering.
• Professional certification such as GCTI, GCIA, GCIH or GREM.

Knowledge and/or Experience - I

• 10 years information security experience in a similar position.
• Proven experience in cyber threat analysis, hunting, and incident investigation across both IT and OT environments.
• Strong understanding of network protocols, malware behaviour, and adversary TTPs aligned with the MITRE ATT&CK framework.
• Experience with SIEM/SOAR platforms, threat intelligence tools, and log analysis for advanced threat detection.
• Strong analytical and investigative skills with hands-on experience in threat hunting.
• Practical knowledge of malware reverse engineering, static/dynamic analysis tools (e.g., Ghidra, IDA Pro, or x64dbg), and IOC extraction.

Technical and Business Skills - I

• Ability to assess and evaluate risk and the impact of legislation and actively promotes compliance.
• Possesses a good understanding of IT and OT business applications.
• Effective and persuasive in both written and oral communication.