InfoSecurity; Incident Handler

Get to know our Team:

The Grab Incident Response Team conducts operations for scoping, containment and eradication of malicious activity throughout all Grab environments (cloud, data centers and endpoints) across the globe. 

When not working active incidents your daily tasks will include hunt operations and project work to improve our processes and capabilities. You will also have the opportunity to work closely with other teams within the Information Security organization. 

The ideal candidate will have experience handling technically complex incidents within a cloud-based environment at a top tier technology company. Applicants for this position are assumed to have a practical (and hands-on) understanding of relevant subjects such as networking, operating systems, cryptography, etc. 

Experience and technical ability (there will be a hands-on practical challenge) will carry more weight than degrees & certifications when evaluating applicants.

The day-to-day activities:

• Handle escalations from the SOC, hunters and external reporting

• Act as incident commander for critical information security incidents

• Malware triage and analysis

• Quick-look digital forensics

• Improve incident response processes & procedures

• Training & mentoring junior Incident Response team members

• Conducting hunt operations

Requirements:

• At least five years experience in the Information Security field, including operational security monitoring, DevSecOps, incident response, digital forensics or offensive security experience

• Comfortable operating in a sometimes chaotic environment with minimal supervision & guidance

• Solid, hands-on experience with analyzing Windows, MacOS & Linux hosts

• Scripting experience in one or more languages: Python, Go, Bash, etc

• Able to travel internationally on short notice

• Participation in on-call rotation for providing incident response support after hours

• Good interpersonal, organizational, communication and time management skills

• Business-level English speaking & writing ability

Good To Have:

• Experience in cloud-based incident handling (preferably AWS and/or Azure) with a firm understanding of cloud architecture, CI/CD pipelines, microservices architecture and Kubernetes/container security

• Experience building incident response and/or hunt teams

• SANS/GIAC (GCIH, GCFA, GREM), CREST certifications or equivalent 

• Past achievements in CTF, Bug bounty or CVEs

• Published security research (papers, conference talks, etc)

• A relevant college degree