Ubisoft's 20,000 team members, working across more than 30 countries around the world, are bound by a common mission to enrich players' lives with original and memorable gaming experiences. Their commitment and talent have brought to life many acclaimed franchises such as Assassin's Creed, Far Cry, Watch Dogs, Just Dance, Rainbow Six, and many more to come. Ubisoft is an equal opportunity employer that believes diverse backgrounds and perspectives are key to creating worlds where both players and teams can thrive and express themselves. If you are excited about solving game-changing challenges, cutting-edge technologies and pushing the boundaries of entertainment, we invite you to join our journey and help us create the unknown.
Created in 1996, the Ubisoft Shanghai studio is a vibrant and exciting place where our 400+ talents get opportunities to co-develop great AAA blockbuster games, create cutting-edge online games or produce fun mobile games.
Job Description
Summary
The Security Analyst (Digital Forensics and Incident Response), as part of the Incident Response team within the SOC, works to resolve reports of malware, phishing, data leaks and all other identified security issues.
With your technical expertise in querying data across multiple tools, you will identify the root cause of cyber security issues and then coordinate across IT teams to resolve them. In collaboration with the Fraud and Investigation team, you will also assist with joint cyber/insider threat investigations.
Incidents assigned to you will be taken from initial report to resolution, delegating responsibilities to other IT teams where necessary and coordinating all actions with stakeholders, including management.
You'll also provide feedback on security detections to the SOC team, assist with tuning alerts and help design new detections. When time permits, you will also support threat hunting efforts to detect undiscovered malicious behaviors.
Responsibilities
Acting as a central point of contact within the global incident response team, the Security Analyst will:
• Review & respond to alerts presented in security tools.
• Coordinate or escalate the resolution of security incidents.
• Query and analyze log sources in the SIEM for IOCs, attacker TTPs and evidence of suspicious behavior.
• Identify security risks, find the root cause and bring risk to an acceptable level for management.
• Write post-mortem reports and present them to stakeholders.
• Develop and maintain procedures for responding to detections.
• Collaborate with other teams to automate playbooks.
• Meet with adjacent security department teams to communicate incident trends.
• Automate follow ups, escalations, and reminders to focus on operational goals.
• Extract IOCs & TTPs from previous attacks and coordinate with other teams to reduce incident reoccurrence.
• Use open source and internal information to gather knowledge on recurring threat actors.
For additional information: our team uses Splunk, CrowdStrike and Microsoft E5 (Defender, MCAS, eDiscovery); ideally you have experience with these tools or an equivalent.
Qualifications
Education & Experience
• Bachelor's degree in Computer Science, Cyber Security, IT or a related discipline.
• Previous experience in a Security Operations Center is a plus.
• Experience with one or more of: threat hunting, digital forensics, incident response and corporate investigations.
Knowledge & Skills
• Knowledge of one or more of:
  • SIEMs: query expertise (logical operators AND, OR, NOT; filtering; time bounding; wildcards; regexes)
  • Endpoint AV & EDR: experience inspecting process trees, registry modifications and network activity
  • Digital forensics tools: forensic capture, disk image analysis, memory analysis
• Knowledge of threat actor TTPs and typical attack methods defined in MITRE ATT&CK.
• You know where malware hides, how it evades detection, how to find it, how to remove it and how to prevent reinfection.
• Experience in remediating large security incidents such as Data Breaches, Ransomware, Cryptocurrency Miners and insider threat activity.
• Demonstrated motivation through involvement in the security community, such as personal projects, certifications, participation in CTFs, a home security lab or keeping up to date on security trends.
• Proficiency in English, both spoken and written, is required.
Jobcode: Reference SBJ-k2oz80-198-105-100-140-42 in your application.