Job Description

About the Role:
Our Information and Cyber Security (ICS) team is looking for a senior Cyber Security professional to join our Security Content Development team.
The SCD Content Engineering (CE) team is responsible for working with Cyber Threat Fusion Center (CTFC), Lines of Business (LOB), and analysts by building and maintaining advanced visibility into security events using advanced correlation tools like Splunk and various network intrusion detection/prevention systems and feeding downstream case management tools for events of interest that are to be analyzed for malicious activity

Duties include creating, improving, and delivering events of interest from both upstream security tools and big data solutions for the benefit of the Cyber Security teams. The ideal candidate will have extensive experience in SIEM, network-focused forensics and threat hunting utilizing both Deep Packet Inspection (i.e. full packet capture) and EDR solutions.

The ideal candidate will additionally have a well-rounded background in endpoint/network defenses and security incident response, as well as some offensive security knowledge to allow the ability to think like an adversary. Polished verbal and written communication skills are desired, in order to ensure thorough and accurate reporting during the work to visualize, investigate, contain, and conclude a security incident.

Responsibilities:
The candidate will play a major role in our cyber threat hunt automation efforts, including the vetting of new models and procedures to identify and react to anomalous network and/or endpoint behaviors. This position is designed to assure success in our next-generation ability to discover and react to advanced security threats.

Essential Qualifications:

8 years of demonstrated information security applications and systems experience
5 years of demonstrated experience leveraging security technologies such as SIEM for security incident analysis
5 years of demonstrated experience in performing technical analysis and enrichment of pertinent attacks, threats and their indicators
Good understanding on agile methodology
4 years of demonstrated experience with at least one scripting language (preferably JavaScript and its frameworks / Python) working on automation and engineering projects
Sound Knowledge on developing data models, content, Normalization(props.conf, transforms.conf, fields.conf, eventtypes.conf,tags.conf), search optimization
Onboarding and optimization of data to SPLUNK/QRADAR/ARCSIGH ( Feed Data Quality & CIM Field extraction )
Understanding of CIM and SPL development
Should be familiar with Splunk SPL development
Working knowledge of Machine Learning and User Behavior Analytics as it pertains to baselining normal to determine outliers and anomalous behaviors.
Should possess understanding of third party/vendor/supply chain cyber footprint and associated risks (attacks, threats, vulnerabilities) over the internet
Should possess understanding of security and threat landscape relevant to cloud technologies
Demonstrated experience with creating and communication of reports and presentations regarding cyber-attacks, threats and vulnerabilities to various level of personnel within large organization and its vendors
Ability to manage complex security scenarios and develop innovative solutions to address the most recent cyber threats
Advanced knowledge of networks, protocols, standards, Linux/Unix/Window OS internals, and system configuration
Experience with least one scripting language, such as: PowerShell, Python, Bash, PHP, etc.
Bachelors and/or Masters degree in computer science or information systems
2 years of experience with network security, endpoint security/EDR or security threat vectors
Experience with host-based and/or network-based forensics tools and techniques

Desired Qualifications:
Knowledge and understanding of banking or financial services industry
Knowledge and understanding of malware reverse engineering including: code or behavior analysis for endpoints and the network
Knowledge and understanding of data security controls including malware protection, firewalls, intrusion detection systems, content filtering, Internet proxies, encryption controls, and log management solutions
Experience analyzing large data sets
Excellent verbal, written, and interpersonal communication skills
Knowledge of offensive security, with the ability to think like an adversary when hunting and responding to incidents
Strong ability to identify anomalous behavior on endpoint devices and/or network communications
Advanced problem solving skills, ability to develop effective long-term solutions to complex problems
Familiar with field extractions , regex and having knowledge on SIEM infrastructure issues will be added advantage
Certifications in one or more of the following: Certified Information Systems Security Professional (CISSP), GIAC Certified Incident Handler (GCIH), GIAC Reverse Engineering Malware (GREM), GIAC Certified Forensic Analyst (GCFA), GIAC Network Forensics Analyst (GNFA), Offensive Security (OSCP/OSCE/etc), or other relevant certifications.
Education: Any Graduate
Industry: Financial Services/Stockbroking, Banking

Skills Required