Cyber/Information Security Operations at Providus Bank

Job Summary

The Security Operations team is responsible for managing the bank's security operations and monitoring unit, which includes detecting, responding to and managing security incidents to protect the bank’s assets and reputation. Ensure proper integration and handover of new security services within the monitoring and detection capability of the SOC.

Responsibilities

Principal Duties:

• Application and Database Monitoring
• Network and System Monitoring
• Incidence Management and Response
• Digital Forensic and Investigation
• Threat Intelligence and Hunting

Responsibilities:

Application and Database Monitoring:

• Monitor critical assets such as applications, databases, network devices and operating systems for suspicious or unauthorized activities.
• Review and analyze logs gathered across critical assets to identify malicious or unauthorized events.
• Review and update the rules configured on all security monitoring tools to reflect changes in the business, technology and the threat landscape.
• Work with the relevant teams to investigate noted incidents.

Network and System Monitoring:

• Monitor critical assets such as network devices and operating for suspicious or unauthorized activities.
• Review and analyze logs gathered across critical assets to identify malicious or unauthorized events.
• Monitor the network traffic, infiltrations, endpoint monitoring and active directory monitoring.
• Work with the relevant teams to investigate noted incidents.
• Ensuring timely and proper handling of cyber security incidents

Incidence Management and Response.

• Monitor established channels for reporting and identification of security incidents.
• Conduct analysis of the incidents and correlate data from various sources to determine the level of severity of the incidents.
• Respond to incidents by implementing necessary measures to contain the potential damage.
• Determine the root cause of incidents to prevent continuous occurrence.
• Review and provide recommendations on the rules configured on monitoring tools to reflect changes in in the business, technology and the threat landscape.
• Provide information to relevant teams (such as the threat and vulnerability management team) to aid identification of threats and update their knowledge of the tactics, techniques and procedures of threat actors.

Digital Forensic and Investigation:

• Extract and analyse data using a range of forensic tools and software.
• Recover damaged, deleted or access hidden, protected or encrypted files.
• Collect information and evidence in a legally admissible way. 
• Follow electronic data trails to reveal links or communications between individuals or groups.

Threat Intelligence and Hunting:

• Timely identification of emerging threats (new threats) based on correlation/research of events in the IT domain and feeds from threat intelligence sources.
• Establish partnerships and information sharing, support the Bank in strategic direction to mitigate threats.
• Leverage tactical, technical and legal capabilities to eradicate threats.
• Collaborate with business partners in risk and fraud cases, providing technical investigative capabilities.
• Analyze intelligence from the Bank’s intelligence data and leverage external sources for more information.
• Maintain an updated list of indicators of compromise (IOCs). 

Requirements

• Degree in Computer Science or any relevant information systems discipline
• Must possess at least two of the following: CISSP, CISM, CEH, CHFI, CCSA, OSCP.
• Previous experience as a SOC Manager or SOC Team Leader is preferred.
• Previous experience working with managing Security Services Providers.
• Minimum four years of experience.
• Strong knowledge of Intrusion Detection/ Prevention Systems (ID/PS), User activity monitoring systems, data leakage prevention systems and SIEM tools.
• Previous industry experience with banks.