- Lead a security operations team in operating security tools such as SIEM, IAM, vulnerability scanning, and vulnerability remediation.
- Manage the SIEM platform, organize log collection, and optimize modeling rules to make them compatible with the company's threat model and attack surface. Take initiative in incident response, investigate incidents, and work with the operations team to remediate relevant risks.
- Define security emergency scenarios and lead emergency drills. Lead and respond to security incidents, investigations, and targeted reviews of suspect areas; identify and resolve root causes of security-related problems.
- Support global infrastructure projects as an information security BP, providing security best practices and our company security policies, as well as compliance, to bring all risk to an acceptable level.
- Work directly with the Business Unit, 3rd parties and other internal teams and organizations to facilitate information security risk analysis and risk management processes and to identify acceptable levels of residual risk.
- Proactively improve security posture against any cybersecurity threat, and make suggestions on security tool selection.
- Monitor enterprise cybersecurity status; work hands-on with network security equipment and on infrastructure network and systems hardening.