Technical leader responsible for spearheading the bank's threat detection, hunting, and digital forensics capabilities.
Leadership & Strategy
- Define and execute the strategic roadmap for threat intelligence, threat hunting, and incident response.
- Build, lead, and mentor a high-performing team of threat hunters.
- Establish and continuously improve detection and response capabilities, processes, and tooling.
- Develop key performance indicators (KPIs) and metrics to measure detection effectiveness, response times, and threat coverage.
- Foster a collaborative purple team culture between defensive and offensive security teams to improve detection and resilience.
Threat Intelligence Operations
- Collect, analyze, and correlate data from multiple intelligence sources (open source, commercial, and internal).
- Identify, track, and report on threat actors, campaigns, and emerging threats relevant to the organization's industry.
- Develop and maintain comprehensive threat profiles and intelligence reports.
- Monitor the dark web, social media, and underground forums for indicators of potential threats and geopolitical, criminal, and hacktivist developments that may affect organizational risk.
- Track emerging vulnerabilities, exploit kits, and malware families relevant to the industry and geopolitical context.
- Maintain awareness of evolving adversary capabilities and motivations.
Solution Engineering
- Maintain the SIEM and related security platforms (e.g., Splunk, Imperva), including compliance with patch and obsolescence framework requirements.
- Ensure events and logs from all relevant devices are forwarded to the SIEM completely and accurately.
- Produce a monthly SIEM health report covering log-source completeness and accuracy.
- Assist in the design, evaluation, and implementation of new security technologies.
Proactive Threat Hunting
- Perform hypothesis-driven threat hunts using advanced analytics, behavioral patterns, and threat intelligence.
- Analyze various log sources to identify anomalous activity, potential compromises, and previously undetected threats.
- Develop and refine hunting methodologies and detection logic to improve visibility and coverage.
- Identify gaps in IT infrastructure defenses by emulating an attacker's behaviors and techniques.
- Document and communicate hunting results, including risk impact and recommended mitigations.
Detection & Response
- Continuously develop, fine-tune, and review SIEM use cases based on the MITRE ATT&CK framework and the current threat landscape.
- Contribute to the continuous improvement of detection capabilities and automation processes.
- Correlate data from multiple sources (network logs, endpoint telemetry, cloud environments) to detect stealthy or novel attacks.
- Develop dashboards and reports to identify potential threats, suspicious/anomalous activity, internal threat landscape, etc.
- Integrate intelligence indicators (IOCs, TTPs) into detection tools including SIEM, EDR/XDR, WAF, IDS/IPS, and other relevant solutions.
Digital Forensics
- Lead response and investigation efforts into advanced and targeted attacks.
- Lead incident response activities such as digital forensics, host triage and evidence retrieval, malware analysis, remote system analysis, end-user interviews, and remediation.
- Compile detailed investigation and analysis reports for internal SOC consumption and delivery to management.
- Provide expert investigative support for large-scale and complex security incidents.
- Perform root cause analysis of security incidents and feed the findings back into the alert catalog.
Incident Response
- Lead or support security incident investigations from detection through containment, eradication, and recovery.
- Perform deep-dive and forensic analysis during ongoing incidents and post-incident reviews.
- Develop post-incident reports and lessons learned to drive improvements in detection and response capabilities.
Research and Continuous Improvement
- Stay up to date with emerging threats, attacker behaviors, and cybersecurity trends.
- Develop and maintain custom scripts and tools to automate hunting and analysis tasks (e.g., Python, PowerShell, or Bash).
- Share knowledge through internal training sessions and threat briefings.
- Drive continuous improvement in intelligence collection, analysis, and dissemination processes.
- Mentor analysts and engineers on threat analysis methodologies.
- Participate in security audits and vendor assessments.