Job Description:
The Manager Cyber Threat Intelligence is responsible for managing cyber intelligence collection, analysis, dissemination and correlation combined with effective reporting for senior management.
The role will also act as a standby resource for managing the incident processes to ensure they are well drilled and effective. The candidate is required to maintain acceptable cyber hygiene levels and ensure the goals of the unit are met.
Main Tasks:
- Collect and analyze open source intelligence (OSINT)
- Develop technical expertise on threat actors, attack trends, and attack tactics, techniques, and procedures (TTPs). Draft, edit, and review threat intelligence analysis from multiple sources
- Manage vendor relationships
- Develop intelligence on, characterize, and track threat actors’ activities, ranging from tactical level capabilities to global operations. Produce intelligence reporting (ranging from short to longer reports) on threat and threat actor activities
- Maintain current knowledge of tools and best practices in advanced persistent threats and of the tools, techniques, and procedures (TTPs) of threat actors; in collaboration with other members of the team, identify and hunt for related TTPs and Indicators of Compromise (IOCs) across all internal/external repositories
- Provide both technical and executive level intelligence briefings / presentations
- IOC collection and management
- Lead the investigation and/or containment teams during an incident. Present technical findings (investigative or otherwise) to senior management. Prepare and meet the SLAs defined for Incident Management. Prepare and provide relevant reports for identified incidents. Prepare and maintain relevant documentation for Incident Management.
- Proactively identify gaps and remediate them to keep observations from Auditors and Regulators to a minimum.
- Manage the CSIRT during security incidents.
- Assist in the Cyber Security Monitoring Operations of the Bank.
- Keep up to date on the latest security threats and feed them into the Monitoring Operations to help ensure they are proactively detected and mitigated in the Bank.
- Assist in the timely reporting of Security incidents to relevant stakeholders.
- Assist in ensuring that monitoring is continuous, covering 24/7 operations.
- Proactively and iteratively search through networks and datasets to detect advanced threats that evade automated tools.
- Trace attacker paths and detect suspicious patterns of threat actors.
- Coach, mentor and manage security SMEs to ensure quality delivery
- Conduct PoCs for new technologies which could help uplift the level of Security within the Group.
- Run security projects end to end where necessary.
Technical Skills and Experience:
- Minimum 5 years of experience in incident response, cyber hunt, or other technical Information Security positions
- 7-10+ years of technology experience overall
- Bachelor's degree in a computer-related field such as computer science, management information systems, information science or mathematics, and/or a Master's degree in business administration, information security, human resource management, finance or international business, or executive education from reputed institutes like Harvard
- Knowledge of current adversary techniques, vulnerability disclosures, data breach incidents, and security analysis techniques.
- Experience in analyzing, gathering intelligence on, developing, and documenting threat group activities.
- Experience in analyzing malware / offensive tools and threat actor tactics, techniques, and procedures to characterize threat actors’ technical methods for accomplishing their objectives or missions.
- Demonstrated understanding of remediation and countermeasures for challenging information security threats.
- Moderate to advanced technical experience in network communication protocols
- Conducting forensic analysis on data captured from networks (packet captures), hosts (volatile/live memory), electronic media, log data, and network devices in support of intrusion analysis or enterprise-level information security operations
- Expert understanding of a company’s business processes, technology and information systems.
- Must have knowledge on application and infrastructure security threats and mitigating measures
- Deep knowledge of all aspects of Information Security concepts across a broad range of technical and non-technical areas.
- Ability to understand regulatory requirements and process efficiency frameworks
- Ability to understand the details of ground-level security issues and their management
- Ability to monitor and enforce improvements when necessary, in line with regulatory requirements or best practices
- Cyber Threat Intelligence technologies (Threat Intelligence Platforms (TIPs), malware analysis platforms, Maltego, etc.)
- Familiarity with investigative tools and techniques such as host- and network-based analysis tools, forensic tools (EnCase, Paraben, etc.), and volatile memory analysis techniques.
- Multiple operating systems, such as Windows, Linux/Unix, and Mac/OSX
- Scripting (Shell/Python/R/etc.) / Programming in support of data analysis
- Big Data analysis experience (Hadoop/Tableau/MongoDB/etc.)
- Superior written and verbal communication skills in order to effectively communicate security threats and recommendations to technical or non-technical stakeholders
- Good hands-on experience with infrastructure technologies that involve perimeter protection, core protection and endpoint protection/detection
- Penetration testing experience is desirable. Must be able to understand and mitigate security issues that relate to applications.
- Should have good project management and execution skills with respect to tasks, ensuring their completion
- Coding & Programming skills are advantageous
- Experience with technologies/concepts such as OAuth, AI, Blockchain, Robotics, SecDevOps, SAML, OWASP Top 10