RHB Banking Group

Section Head, Threat Detection, Hunting & Response

RHB Banking Group  •  Malaysia (Onsite)  •  3 months ago

Job Description

Technical leader responsible for spearheading the bank’s threat detection, hunting, and digital forensics capabilities.

Leadership & Strategy

  • Define and execute the strategic roadmap for threat intel, hunting, and incident response
  • Build, lead, and mentor a high-performing team of threat hunters.
  • Establish and continuously improve detection and response capabilities, processes, and tooling.
  • Develop key performance indicators (KPIs) and metrics to measure detection effectiveness, response times, and threat coverage.
  • Foster a collaborative “purple team” culture between defensive and offensive security teams to improve detection and resilience.

Threat Intelligence Operations

  • Collect, analyze, and correlate data from multiple intelligence sources (open source, commercial, and internal).
  • Identify, track, and report on threat actors, campaigns, and emerging threats relevant to the organization’s industry.
  • Develop and maintain comprehensive threat profiles and intelligence reports.
  • Monitor the dark web, social media, and underground forums for indicators of potential threats and geopolitical, criminal, and hacktivist developments that may affect organizational risk.
  • Track emerging vulnerabilities, exploit kits, and malware families relevant to the industry and geopolitical context.
  • Maintain awareness of evolving adversary capabilities and motivations.

Solution Engineering

  • Maintain the SIEM solution, including Splunk, Imperva and related tooling (tasks include compliance with the patch and obsolescence framework requirements)
  • Ensure events/logs from all relevant devices are sent to the SIEM solution in a complete and accurate manner
  • Produce a monthly SIEM system health report (completeness and accuracy)
  • Assist in the design, evaluation, and implementation of new security technologies

Proactive Threat Hunting

  • Perform hypothesis-driven threat hunts using advanced analytics, behavioral patterns, and threat intelligence.
  • Analyze various log sources to identify anomalous activities, potential compromises, and previously undetected threats
  • Develop and refine hunting methodologies and detection logic to improve visibility and coverage
  • Identify gaps in IT infrastructure by mimicking an attacker's behaviors and responses
  • Document and communicate hunting results, including risk impact and recommended mitigations.

Detection & Response

  • Continuously develop, fine-tune and review SIEM use cases based on the MITRE ATT&CK framework and the current threat landscape
  • Contribute to the continuous improvement of detection capabilities and automation processes.
  • Correlate data from multiple sources (network logs, endpoint telemetry, cloud environments) to detect stealthy or novel attacks.
  • Develop dashboards and reports to identify potential threats, suspicious/anomalous activity, internal threat landscape, etc.
  • Integrate intelligence indicators (IOCs, TTPs) into detection tools including SIEM, EDR/XDR, WAF, IDS/IPS and other relevant solutions

Digital Forensic

  • Lead response and investigation efforts into advanced/targeted attacks
  • Lead incident response activities such as digital forensics, host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts
  • Compile detailed investigation and analysis reports for internal SOC consumption and delivery to management
  • Provide expert analytic and investigative support for large-scale and complex security incidents
  • Perform root cause analysis of security incidents to further enhance the alert catalog

Incident Response

  • Lead or support security incident investigations from detection through containment, eradication and recovery
  • Perform deep-dive forensic analysis during ongoing or post-incident reviews.
  • Develop post-incident reports and lessons learned to drive improvements in detection and response capabilities

Research and Continuous Improvement

  • Stay up to date with emerging threats, attacker behaviors, and cybersecurity trends.
  • Develop and maintain custom scripts and tools to automate hunting and analysis tasks (e.g., Python, PowerShell, or Bash).
  • Knowledge sharing through internal training sessions and threat briefings.
  • Drive continuous improvement in intelligence collection, analysis, and dissemination processes.
  • Mentor analysts and engineers on threat analysis methodologies
  • Participate in security audits and vendor assessments.

About RHB Banking Group

We are a multinational regional financial services provider committed to delivering complete solutions to our clients through differentiated segment offerings and an ecosystem that supports a simple, fast and seamless customer experience, underpinned by a cohesive and inspired workforce and relationships built with stakeholders.

Headquartered and listed in Malaysia, RHB Banking Group is the longest-established local bank, formed through the mergers of several banks, the oldest of which was founded in 1913. RHB Banking Group and its subsidiaries provide a full range of services, from retail banking, business banking, corporate and investment banking, Islamic banking and transaction banking to treasury, insurance, asset management, private equity and stockbroking services.

TOGETHER WE PROGRESS

Our strong heritage is the foundation of our commitment to continue serving the community. For over 100 years, we have been helping people and businesses grow and succeed, and will continue to do so.

Our experience gives us an in-depth understanding of the needs of our customers and partners, inspiring us to constantly innovate and improve to serve them better. With their unending support, we have established ourselves with a strong footprint throughout Malaysia and we are now present in 9 other countries across the ASEAN region.

We hope our legacy and pursuit for excellence continues as we tirelessly cultivate and nurture the next generation through our actions and words, preparing a brighter future ahead.

We thank those who believe in us and welcome everyone to join us on our exciting journey of progress. The time has come for us to move forward in unison, to realise our greater potential together. Our new brand promise "Together We Progress" honours our past, celebrates the present and welcomes the future.

We invite you to join us as we work towards a better and brighter future for all.

Industry
Finance & Insurance
Company Size
10,000+ employees
Headquarters
Kuala Lumpur, MY
Year Founded
Unknown