Security Analyst (Remote)

Work Type: Full Time

About Atato

Atato is a digital asset custody and cryptocurrency wallets provider. Our apps let individuals and businesses securely use DeFi, NFTs, and other decentralised applications. Our mission is to enable the next 100 million blockchain users. We partner with ConsenSys and Kaleido as one of the regional blockchain leaders. Based in Singapore, founded in 2018, atato has delivered flagship digital asset projects in South-East Asia.

The Benefits
We are remote-first since 2018, and offer attractive compensation including bonuses, health insurance, new laptop and stock-options. Our working culture is friendly and has no set working hours with unlimited vacation. The team meets quarterly for workshops and outings, and we have quarterly time-off for the whole company.  We are results-oriented.

The Role 

As a Security Analyst (title negotiable), you are an experienced security professional reporting to the CSO and responsible for implementing security policies and procedures. You have experience with integrating security operations into agile SDLC end to end, threat modelling, risk assessment and implementing security awareness. You can support developers in their day to day work to build secure software. Your responsibilities include incident response & handling, security monitoring, security analysis and vulnerability management including triage. You are familiar with the cyber kill-chain and abreast of modern attack TTPs. You are organised, with a familiarity and preference for established frameworks to govern your work such as MITRE, OWASP, etc. and systems like CVSS, CWE or others. You are already a member of, or able to join, security information sharing groups. Your security knowledge and understanding will be assessed and you welcome this challenge.

Your Responsibilities

  • Support developers implementing company security policy and procedures for secure SDLC

  • Monitoring, identifying, investigating indications of compromise in systems

  • Incident handling and response (PICERL), inter-team liaison 

  • Support team in identifying baselines and continuous monitoring of infrastructure

  • Threat modelling and Risk analysis (not responsible for risk management), PR review, design review

  • Vulnerability management, triage of security systems output (pipelines and monitoring)

  • Audits of information security infrastructure

Our Requirements

  • Confident you match the description of this role and happy to be tested on security knowledge

  • Strong hands-on cybersecurity skills, knowledge, passion and experience

  • Experience with Incident response and handling (preferably regulated environments)

  • Deep understanding of operating systems, network/system architecture, protocols, services

  • Expertise in packet analysis, SIEM tools and triage

  • Capable of scripting/parsing data 

  • Understanding of Info-sharing centres, attacker TTPs, IoCs, Threats, Vulnerabilities and Exploits 

  • 3+ years of security experience and passionate desire to continue learning new things

Nice to have

  • Certifications relevant to this position e.g. GCIH, GNFA, GCIA, CompTIA, CEH, OCSP etc

  • Experience with target mapping and profiling, responsible for network decoy and deception

  • 507265666572656e636520676976656e20746f206865782072656164657273

Submit Your Application

You have successfully applied
  • You have errors in applying