To be part of Cyber Threat team, tier 3 SME and mentor to the SOC team. This role required continuous detection, analysis, investigation, response, and mitigation of advanced threats before they affected the bank's IT infrastructure via a proven and documented cyberthreat model, e.g., Mitre Attack Framework
Preferred Level Of Experience (by Years/function/industry)
- 4 - 5 years of information security experience
- 1 - 2 years supporting incident response and/or investigations
- Experience reviewing and assessing logs for anomalous activity indicating the presence of a threat
- Knowledge and ability to identify threat actor attack methods and track their developments
- Experience using Threat Model e.g. Cyber Kill Chain & Mitre ATT&CK
- Extensive experience conveying complex information in simple, succinct explanations
- Exceptional attention to detail
Other Skills Required (if Applicable)
- Strong technical writing skills
- Extensive experience with analytical tradecraft
- Thorough understanding of cybersecurity principles
- Ability to work independently and build relationships
- Efficient research methodologies
- Ability to relate & convert technical threats with business risks
- Strong proficiency with scripting and programming languages (e. g. Python, PowerShell, Java, NodeJS, Perl, etc).
- Strong communication & writing skills for reporting and analysis on cumulative findings
KEY RESPONSIBLITIES
Solution
- Maintaining of SIEM solution including Splunk, Imperva and etc. (Task including compliance to patch and obsolescence framework requirement)
- Ensure events / logs from all relevant devices are sending to SIEM solution in a complete and accurate manner
- To produce monthly SIEM system health report (completeness and accurate)
Hunting
- Perform threat hunting through industry accepted methodologies including Hypothesis Driven investigation, IOC driven Investigation or Machin Leaning Investigation
- Analyze host, network traffic, IDS/IPS/DLP events, packet capture, firewall logs and other relevant solutions
- Provide forensic analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security and application logs, as well as logs from various types of security sensors
- Identify gaps in IT infrastructure by mimicking an attacker s behaviors and responses
- Perform offensive validation on identified TTP's
Detection & Response
- Continuously develop SIEM use cases based on Mitre Attack framework based on threat landscape
- To onboard all use cases to Security Operation Center for 24 x 7 monitoring and timely response
- Continuously onboard new IOC to threat prevention solution to ensure known threat are prevented at all time
- Continuously improve processes for use across multiple detection sets for more efficient Security Operations
- Develop dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc.
- Assist in the design, evaluation, and implementation of new security technologies
