Cyber Security Engineer

To be part of Cyber Threat team, tier 3 SME and mentor to the SOC team. This role requires continuous detection, analysis, investigation, response, and mitigation of advanced threats before they affect the bank's IT infrastructure via a proven and documented cyber threat model, e.g., Mitre Attack Framework. Preferred Level Of Experience 4 - 5 years of information security experience 1 - 2 years supporting incident response and / or investigations Experience reviewing and assessing logs for anomalous activity indicating the presence of a threat Knowledge and ability to identify threat actor attack methods and track their developments Experience using Threat Model e.g. Cyber Kill Chain & Mitre ATT&CK Extensive experience conveying complex information in simple, succinct explanations Exceptional attention to detail Other Skills Required Strong technical writing skills Extensive experience with analytical tradecraft Thorough understanding of cybersecurity principles Ability to work independently and build relationships Efficient research methodologies Ability to relate & convert technical threats with business risks Strong proficiency with scripting and programming languages (e.g. Python, PowerShell, Java, NodeJS, Perl, etc) Strong communication & writing skills for reporting and analysis on cumulative findings KEY RESPONSIBILITIES Solution Maintaining of SIEM solution including Splunk, Imperva and etc. (Tasks including compliance to patch and obsolescence framework requirement) Ensure events / logs from all relevant devices are sending to SIEM solution in a complete and accurate manner To produce monthly SIEM system health report (completeness and accuracy) Hunting Perform threat hunting through industry accepted methodologies including Hypothesis Driven investigation, IOC driven Investigation or Machine Learning Investigation Analyze host, network traffic, IDS / IPS / DLP events, packet capture, firewall logs and other relevant solutions Provide forensic analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security and application logs, as well as logs from various types of security sensors Identify gaps in IT infrastructure by mimicking an attacker's behaviors and responses Perform offensive validation on identified TTP’s Detection & Response Continuously develop SIEM use cases based on Mitre Attack framework based on threat landscape To onboard all use cases to Security Operation Center for 24 x 7 monitoring and timely response Continuously onboard new IOC to threat prevention solution to ensure known threats are prevented at all times Continuously improve processes for use across multiple detection sets for more efficient Security Operations Develop dashboards and reports to identify potential threats, suspicious / anomalous activity, malware, etc. Assist in the design, evaluation, and implementation of new security technologies

#J-18808-Ljbffr