COMPANY INTRODUCTION
Emirates NBD is a market leader across the MENAT (Middle East, North Africa and Türkiye) region with a presence in 13 countries, serving over 20 million customers. The Emirates NBD Group has a total of 853 branches and 4,213 ATMs / SDMs. Emirates NBD is the leading financial services brand in the UAE with a brand value of USD 3.89 billion.
At the bank, we serve our customers and help them realise their financial objectives through a range of banking products and services including retail banking, corporate & institutional banking, Islamic banking, investment banking, private banking, asset management, global markets and treasury, and brokerage operations.
We are a key participant in the global digital banking industry, with 97% of all financial transactions and requests conducted outside of our branches. We also operate Liv, the lifestyle digital bank by Emirates NBD. With close to half a million users, it continues to be the fastest-growing digital bank in the region.
In line with the UAE Government’s strategy in empowering and developing nationals, Emirates NBD is committed to welcoming the young generation into an innovative, modern and supportive work environment to contribute to the nation's success. We are looking to find the best UAEN talent to join our ENBD family.
JOB PURPOSE
The Specialist - Cyber Threat Intelligence (UAE National) is responsible for conducting cyber intelligence collection, analysis, dissemination and correlation, combined with effective reporting which can be presented to senior management.
They will also act as a standby resource for conducting the incident processes to ensure these are well drilled and effective, maintain acceptable cyber hygiene levels and ensure the goals of the unit are met.
RESPONSIBILITIES
Threat Intelligence
- Collect and analyze open source intelligence (OSINT)
- Develop technical expertise on threat actors, attack trends, and attack tactics, techniques, and procedures (TTPs).
- Draft, edit, and review threat intelligence analysis from multiple sources
- Help in managing vendor relationships
- Develop intelligence on, characterize, and track threat actors’ activities, ranging from tactical level capabilities to global operations
- Help in producing intelligence reporting (ranging from short to longer reports) on threat and threat actor activities
- Maintain current knowledge of tools and best practices in advanced persistent threats, and of the tactics, techniques, and procedures (TTPs) of threat actors
- Identify and hunt for related TTPs and Indicators of Compromise (IOCs) across all internal/external repositories
- Correlate collected intelligence, to build upon a larger knowledge base of tracked threat activity
- Provide both technical level intelligence briefings / presentations
- IOC collection and management
Incident Management
- Conduct the investigation and/or help the containment teams during an incident.
- Create technical findings (investigative or otherwise) which can be presented to senior management.
- Help meet SLAs defined for Incident Management.
- Prepare and provide relevant reports for identified incidents.
- Prepare and maintain relevant documentation for Incident Management.
- Ensure the relevant documentation is kept up to date at all times.
- Proactively identify gaps and remediate them to keep observations from Auditors and Regulators to a minimum.
- Help the CSIRT during security incidents.
Security Monitoring
- Assist in the CyberSecurity Monitoring Operations of the Bank.
- Keep up to date on the latest security threats and feed them into the Monitoring Operations to help ensure those are proactively detected and mitigated in the Bank.
- Assist in the timely reporting of Security incidents to relevant stakeholders.
- Assist in ensuring monitoring is continuous, covering 24/7 operations.
- Assist in the preparation and maintenance of relevant documentation for CyberSecurity team.
- Highlight gaps and recommend sound security practices to improve the monitoring.
- Be a cost-effective solutions provider for security gaps.
Threat Hunting
- Proactively and iteratively search through networks and datasets to detect advanced threats that evade automated tools.
- Use both manual and machine assisted techniques to find the Tactics, Techniques and Procedures of advanced adversaries.
- Trace attacker paths and detect suspicious patterns of threat actors.
- Research innovative methods for making Threat Hunting more efficient and effective.
- Develop processes and procedures for conducting continuous threat hunting as per industry best practices.
- Collaborate to enhance the wider team’s operational/tactical intelligence products and to leverage them for targeted hunts.
- Provide corrective recommendations to enhance any identified gaps in visibility and detection.
Project Management
- Suggest new solutions to improve the Security Monitoring posture of the Group.
- Conduct PoCs for new technologies which could help uplift the level of Security within the Group.
- Run security projects end to end where necessary.
REQUIREMENTS
Candidate Profile
- UAE National, with Family Book
Education
- Bachelor's degree in a computer-related field such as Computer Science, Management Information System or Information Science or Mathematics
- Desirable: Master’s degree in Business Administration, Information Security, Human Resource Management, Finance or International Business or Executive Education from reputed institutes like Harvard
Experience
- 7 years of overall Technology experience - with 3 years of it in Incident Response, Cyber Hunt, or other Technical Information Security positions.
- Hands-on Python coding experience is a MUST.
Job Knowledge
- Knowledge of current adversary techniques, vulnerability disclosures, data breach incidents, and security analysis techniques.
- Experience in analyzing, gathering intelligence on, developing, and documenting threat group activities.
- Experience in analyzing malware / offensive tools and threat actor tactics, techniques, and procedures to characterize threat actors’ technical methods for accomplishing their objectives or missions.
- Demonstrated understanding of remediation and countermeasures for challenging information security threats.
- Moderate to advanced technical experience in network communication protocols
- Conducting forensic analysis on, and data captures from, networks / packet capture, hosts (volatile/live memory), electronic media, log data, and network devices in support of intrusion analysis or enterprise level information security operations
- Expert understanding of a company’s business processes, technology and information systems.
- Must have knowledge of application and infrastructure security threats and mitigating measures
- Deep knowledge of all aspects of Information Security concepts from a broad range of technical and non-technical areas.
- Ability to understand regulatory requirements and process efficiency frameworks
- Ability to understand the details of ground level security issues, and their management
- Ability to monitor and enforce improvements, when necessary, in line with regulatory requirements or best practices
- Good knowledge of risk management frameworks and how to identify, manage and mitigate risk
- Ability to create and review security policies, standards, procedures and hardening baselines
Skills
- Cyber Threat Intelligence technologies (Threat Intelligence Platforms (TIPs), malware analysis platforms, Maltego, etc.)
- Familiarity with investigative tools and techniques such as host and network based analysis tools, forensic tools (EnCase, Paraben, etc.), volatile memory analysis techniques.
- Multiple operating systems, such as Windows, Linux/Unix, and Mac/OSX
- Scripting (Shell/Python/R/etc.) / Programming in support of data analysis
- Big Data analysis experience (Hadoop/Tableau/MongoDB/etc.)
- Good hands-on experience with infrastructure technologies that involve perimeter protection, core protection and end-point protection/detection
- Penetration testing experience is desirable. Must be able to understand and mitigate security issues that relate to applications.
Professional Certifications (Desirable)
- GCTI, GCFA, GNFA, GREM, GCIH, OSCP
WHAT WE OFFER YOU:
- Competitive salary package
- Market-leading bonus structure
- Strong emphasis on work/life balance
- Generous annual leave entitlement and Private Healthcare
- World-class Learning & Development platform and career development
- Preferential banking facilities for employees
WHY JOIN US?
We aspire to be an employee’s employer of choice. We believe we can help you realize your true potential by providing the right opportunities. At ENBD we are reimagining the future of work so that you can unlock your potential every day. We want to ensure every employee can excel in the future of work by upskilling and building new digital skills and knowledge. Our goal is to empower our employees to build the career experiences and skills they will need in the future, which will produce a great outcome for our bank as well. We want our employees, no matter their background, location or preferences, to feel engaged as one ENBD team.
We encourage interested candidates to review the key responsibilities and qualifications for each role and apply for any positions that match their skills and capabilities. ENBD is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment; however, due to the high volume of applicants, only SHORTLISTED candidates will be contacted.