Crypto.com

As a member of the ETMSA team at Crypto.com, you will be integral to responding to and managing cybersecurity threats and incidents throughout their lifecycle – from Preparation to Identification, Containment, Eradication, Recovery, and Lessons Learned – collaborating with a global team of incident responders.

You will apply your comprehensive skills in cyber defense, digital forensics, log analysis, and intrusion analysis to address security incidents across our endpoints, network, and cloud infrastructure. In this role, you will be responsible for prevention, detection, response, and remediation activities, ensuring that information assets and technologies are adequately protected by leveraging various technologies such as Next-Generation Firewalls (NGFW), Endpoint Detection and Response (EDR), Intrusion Detection/Prevention Systems (IDS/IPS), Data Loss Prevention (DLP), and more.

You will also leverage your collaboration and communication skills to work effectively with all relevant stakeholders in multicultural and global environments.

Responsibilities

- Report to Director to facilitate all phases in the incident response lifecycle

- Be involved in various incident prevention projects to improve Security posture

Preparation:

- Understand different regulatory and compliance requirements like critical time to report, escalation flows, etc.

- Take part in self-assessment exercises like Tabletop Exercises, Attack Simulations, Red/Purple Team exercises to make sure the incident response process is working smoothly

Develop incident response runbooks, playbooks and SOPs with reference to different regulatory requirements

- Evaluate the incident response readiness of different layers - people, process, technology

Detection & Analysis:

- Respond to the cyber security incidents escalated from various channels including the 24/7 SOC team.

- Respond to cyber security incidents in compliance with the local authority / regulatory requirements.

- Assess the risk, impact and scope of the identified security threats

- Perform deep-dive incident analysis of various data sources by analysing and investigating security related logs against medium-term threats and IOCs

Containment, Eradication and Recovery:

- Communicate with the stakeholders and provide guidance, recommendations to contain and eradicate the security incident

- Participate in root cause analysis using forensic and other custom tools to identify any sources of compromise and/or malicious activities taking place.

- Document and present investigative findings for high profile events and other incidents of interest.

Post incident activities:

- Provide lessons learnt meeting to the stakeholders

- Lead and keep track on the follow-up activities

- Document the incident in the case management system and provide incident reports

Always ready to jump in, in the event of security incidents.