Cybersecurity Specialist, Content and Detection Engineering

KEY RESPONSIBILITIES

• Implement, operate, and maintain cyber threat detection tools and capabilities. This includes applying patches and updates to the CISOC toolkit.
• Ensure full security monitoring coverage of the bank's technological ecosystem – both on premise and in Cloud – by working with system owners to enroll their systems to Security Information and Event Management (SIEM), Database Activity Monitoring (DAM), Network Detection and Response (NDR), and other CISOC platforms
• Perform threat modelling exercises to characterise real-world cyber risk scenarios. Develop and implement use cases to detect these cyber threats.
• Design and execute processes to continuously seek and receive feedback from the frontline Security Monitoring Analysts, Cybersecurity Specialist, Threat Hunting and Intelligence, and other important stakeholders about the efficacy and efficiency of detection logic. Use said input to devise, finetune, amend, test, and iterate use cases. Formulate metrics to track the same.
• Act as the cybersecurity logging and monitoring Subject Matter Expert (SME) in support of the bank's IT projects. Provide thought leadership by setting forth requirements and ensuring adherence to Minimum Security Baselines (MSBs) on log composition and structure. Work with project teams to validate the same. Onboard systems to SIEM and DAM and craft relevant use cases as key prerequisites to project approval.
• Curate and sustain the CISOC's library of living, detailed use case documentation
• Ensure that daily and weekly system checks for issues such as log source dormancy and system bottlenecks, and biannual OEM health checks are carried out for the CISOC toolkit (SIEM, DAM, NDR, and any other CISOC tools). Pursue automation of repetitive, manual tasks.
• Conceive and create frameworks, guides, manuals, Minimum Security Baselines (MSBs), and Standard Operating Procedures (SOPs) relating to log source onboarding, use case creation and maintenance, CISOC systems administration, and all other facets of SOC Engineering. Ensure the same are approved, applied, and followed through consistently.
• Evaluate the suitability of the CISOC toolkit. Research and propose new technology acquisitions to improve the CISOC's overall detection proficiencies
• Participate in the analysis and remediation efforts of cybersecurity incident response and apply the learnings therefrom towards improving the bank's threat detection competencies.

MINIMUM POSITION QUALIFICATION REQUIREMENTS

a. Academic & Professional

Particulars

Detail

Specific Field or Qualification

Need Type

Education 

Bachelor's Degree

BSc. Information Technology, Computer Science, Telecommunications, Electrical and Electronics Engineering, or related

RQ

Professional Qualifications (Minimum 1 of the listed certificates for RQ)

Information security certifications such as:

Certified SOC Analyst (CSA)

Certified Incident Handler (E|CIH)

GIAC Certified Intrusion Analyst (GCIA)

GIAC Certified Incident Handler (GCIH)

GIAC Certified Forensic Analyst (GCFA)

Certified Information Systems Auditor (CISA)

Certified Information Systems Security Professional (CISSP)

Certified Information Security Manager (CISM)

At least one RQ

Several are AA

Master's degree

MSc. Cybersecurity, Information Systems Security, IT Security, IT, or related

AA

b. Experience

Detail

Minimum No of Years

Need Type

Experience in Information Security/Cybersecurity

3

ES

Experience in Security Operations Centre/security monitoring

2

ES

Experience in cybersecurity tool administration (DAM, EDR, NDR, SIEM, SOAR, WAF, XDR, etc.) or Content/Detection/Security/SOC Engineering

2

ES

Experience in the Financial Services Industry

1

DE

Experience in a complex technological environment

2

DE

[1] Need Types are: RQ = Required, AA = Added Advantage

[2] Need Types are: ES = Essential, DE = Desirable but not Essential