Lead Threat Detection Analyst

Grab Taxi

Job Description

Grab is more than just the leading ride-hailing app in Southeast Asia. We use data and technology to improve everything from transportation to payments and logistics across a region of more than 620 million people. Working with governments, drivers, passengers, and charities, we aim to unlock the true potential of the region by solving problems that hinder progress. Grab began as a taxi-hailing app in 2012 but has extended its product platform to include private car services (GrabCar & GrabShare), motorcycle taxis (GrabBike), social carpooling (GrabHitch), last-mile delivery (GrabExpress), food delivery (GrabFood) and a B2B service for corporate clients (Grab For Work). We are focused on pioneering new commuting alternatives for drivers and passengers with an emphasis on speed, safety, and reliability. Currently, we offer services in Singapore, Indonesia, Philippines, Malaysia, Thailand, Vietnam and Myanmar; however, we have R&D offices in Seattle, Beijing & Bangalore as well. If you share our vision of driving South East Asia forward, apply to join our team today. 
You’ll be part of an exciting team that is responsible for the Grab Cyber Defence functions. The Cyber Defence team is responsible for external threat detection, incident response, threat intelligence, threat hunting, red teaming, insider abuse and insider fraud detection. 
Job Description & Summary:
As a Lead Threat Detection Analyst at Grab, you are a team player responsible for monitoring, detecting, and responding to potential threats against Grab’s networks around the world. In your spare time, you’ll actively hunt through our networks for undetected suspect activity and run your findings to ground. You’ll use tried and true techniques, tools, and best practices, and invent new ones along the way. You’ll be surrounded by smart, driven people who all care about Grab’s mission and information security.
The day-to-day activities:

Generate: alert criteria for network intrusions and push them to production. Also produce decision criteria and playbooks for alerts, automating as much as possible.

Mature: existing detection rules, and create automated tests and automation workflows to improve the overall detection capability.

Identify: gaps in the current logging capability and suggest mechanisms to remediate these gaps.

Hunt: be proactive and use the latest threat intel and/or best practices to hunt down potentially malicious activity in our network.

Respond: when an incident occurs, you will be on the front lines of response for the entire company. Participate in the periodic on-call rotation with the Incident Response team.

Advise: help us pick the best solutions to nascent problems (vendors, processes, training, etc.). You will use your expertise to shape the future of the team.

Engage: work collaboratively in a close-knit team to address Grab’s security challenges while understanding business needs.


Requirements:

Strong, proven track record of delivering results in fast-paced, resource-scarce environments. Assume your favourite tool is not available but that you have the chance to learn a new one.

Ability to handle stress effectively and maintain strong output during an incident.

Curiosity and a relentless drive to understand how networks work and how they can be abused.

Cloud expertise: be able to stand toe to toe with our IT and infrastructure teams while bringing an investigator’s mindset to the mix.

Development: proficient in languages like Python and Go to automate tasks and process large amounts of messy data.

Platforms: experience developing detection rules in a SIEM platform and workflows in a SOAR platform, plus working knowledge of cloud platforms.

Threat Detection and Incident Response experience: conducting IR in cloud environments, working with multiple security tools/systems/logs (network, EDR, WAF, OS, etc.), working knowledge of frameworks such as MITRE ATT&CK and the kill chain, and strong communication skills.

Relevant industry certifications: SANS GCIH, GMON, GCIA, security certifications for cloud providers (AWS, Azure, GCP), SIEM certifications, etc.

Working collaboratively with other team members.

Get to know Grab:
Grab is more than just the leading ride-hailing and mobile payments platform in Southeast Asia. We use data and technology to improve everything from transportation to payments and financial services across a region of more than 620 million people. We work with governments, drivers, passengers, merchants, and the community, to solve critical problems in Southeast Asia.
Grab began as a taxi-hailing app in 2012, but we have since extended our product platform to include GrabCar, GrabShare, GrabBike, GrabHitch, GrabExpress, GrabFood, GrabCoach, GrabShuttle, GrabCycle. We recently launched our fintech platform – GrabFinancial, which consists of payments, lending and insurance. Our latest addition is GrabVentures, an in-house incubation platform. We are focused on pioneering new commuting and payment alternatives for drivers and passengers with an emphasis on convenience, safety, and reliability. Currently, we offer services in 8 countries. Our R&D offices are in Singapore, Seattle, Beijing, Bangalore, Jakarta and Vietnam. We aspire to unlock the true potential of Southeast Asia and look for like-minded individuals to join us on this ride.
If you share our vision of driving South East Asia forward, apply to join our team today.