Regional Incident Response Manager, APAC

Job Description

We are currently seeking a Regional Incident Response Manager to join our Hong Kong offices and be responsible for investigation and response to cyber security incidents across our APAC regions.

In this position you will conduct advanced computer and network forensic investigations relating to various forms of malware, computer intrusion, theft of information, denial of service, data breaches, and other incidents.

You will also work with the Global Security Operation Centre to rapidly assess, remedy, and/or refer incidents to proper resolution, as well as IT and other departments to identify root cause and develop corrective and preventive measures.

Additionally, this position will work with threat assessment peers to identify and make recommendations to the InfoSec Vice President to improve the security stance and incident response capabilities of the organization.

Core Responsibilities:

• Function as an incident response handler, directing IT and other departments during security incidents, including evidence preservation, corrective action, and preventive actions
• Conduct advanced computer, mobile and network forensic investigations relating to various forms of malware, computer intrusion, theft of information, denial of service, data breaches, etc. Assist in identifying and remediating gaps as identified throughout the investigation. Maintain technical knowledge within areas of expertise via formal training and self-education
• Conduct regional cyber threat assessments for APAC and APAC based SPE entities
• Provide expert level technical cyber security advice to the APAC region
• Design, document, and implement incident response processes, procedures, guidelines, and solutions. Responsible for technical and executive level reports on incident response issues
• Oversee and manage the global forensic lab

Candidate Requirements:

• Education Background: possess bachelor’s degree of Science
• Possess certification/licenses of Incident and Forensic Security certification (GNFA / GCIH / ACE / AME/Etc.)
• Typically 4 to 6 years of relevant working experience in Info Security discipline with following specialized knowledge, skills and experiences required:
  • Skilled with tool Experience:
    • Forensic Tools: EnCase Forensics / EnCase Enterprise; Access Data Enterprise / Access Data Mobile Phone Examiner / FTK / Cellebrite / EIF / XWays / Paladin Forensic Suite / WinHex
    • Forensic Hardware: Write Blockers / Atola Insight / DeepSpar
    • IR Tools: FireEye HX / Splunk / Volatility / Volcano / Mandiant Redline / Cuckoo / VirusTotal / Wireshark / McAfee Nitro / Palo Alto
    • Ticketing Systems: ServiceNow / Jira / Archer
    • Zimperium / McAfee Endpoint Products / Qualys
• • Knowledgeable in:
    • Hacker techniques, tools, and motivations
    • Operating systems (Windows, OS X, Linux and UNIX)
    • Network architecture (firewalls, routers, switches and load balancers)
    • Security technologies (IDS/IPS, advanced endpoint protection, AV)
    • Applicable data privacy laws (GDPR, etc.)
• • Experienced in:
    • Analyzing file system images, memory images and network packet captures
    • Preserving evidence for law enforcement / legal
    • Excellent log analysis skills
    • Using commercial and open source security testing / vulnerability analysis tools
    • Problem solving with missing information while under pressure with short deadlines
    • Analysing/Recovering data from: NTFS / FAT / EXT / HFS+/ APFS
    • Dynamic malware analysis and indicator extraction
    • Indicator pivoting, tracking and analysis
    • Ability to prioritize multiple tasks rapidly, formulate a plan, respond quickly and communicate with customers and leadership
    • Generating both technical and executive reports and briefings
    • Ability to manage an incident response laboratory
    • Working with and communicating with lawyers and privacy officers

Sony Pictures Entertainment is committed to equal opportunity in all its employment practices, policies and procedures and to ensuring that no worker or potential worker will receive less favourable treatment due to any characteristic protected under applicable local laws.