COO - INFSEC Specialist - VP
- Singapore, Singapore
- Permanent contract, full-time
- Deutsche Bank APAC
- 18 Nov. 18
Operations provides support for all of Deutsche Bank's businesses to enable them to deliver transactions and processes to clients. Our people work in established global financial centres such as London, New York, Frankfurt and Singapore, as well as specialist development and service centres in locations including Bucharest, Moscow, Pune, Dublin and Cary. We process payments in excess of a trillion euros across the bank's platforms, support thousands of trading desks and enable millions of banking transactions, share trades and emails every day.
A dynamic and diverse division, our objective is to make sure that all our services are executed in a timely and professional manner, that risk is minimised and that the client experience is positive. We are proud of the professionalism of our people, and the work they do. In return, we offer excellent career development opportunities to foster skills and talent.
The role of the Cyber Threat Analytics Practice Lead is part of the Global Cyber Intelligence and Response Centre (CIRC) of Deutsche Bank. The CIRC operates 24x7x365 in a follow-the-sun mode and is responsible for enabling the business of Deutsche Bank by providing agile, implementable, cost-effective and cutting-edge Information Security Operational and Incident Response services to protect DB's data assets, customers and partners.
The position calls for a strategic individual who understands business operations, information technology, and security and will utilize that knowledge to assist with the implementation of an effective security campaign that ensures the overall security position of DB is aligned with business needs and the evolving threat landscape. The Cyber Threat Analytics Practice Lead will primarily be exposed to a variety of information security platforms throughout the DB infrastructure. This individual will lead a very small, highly technical and focused team that works to understand the data and derive threat-driven detection and prevention use-cases, performs threat hunting, and acts as the SME for analytics in support of the other functions within the CIRC.
The position will require an understanding of potential infection vectors, analysis of threat behaviour and kill-chain stages, and the derivation and improvement of methods for detecting malicious or insider threat activity. The ideal candidate will understand that this is an operational position and will support the organization from detecting to mitigating threats, both internally and externally; should an unusual situation present itself, the candidate will be expected to assist as needed outside normal business hours.
The position will require the candidate to be the functional lead for Cyber Threat Analytics representing the APAC region.
Roles and Responsibilities:
- Assess IT and security-based computer and network logs for the purpose of identifying specific patterns of activity or generating statistical summaries
- Produce analysis and actionable reports on new and potentially identified threats for the purposes of accurate mitigation and further detection
- Monitor external, internal and open source feeds for relevant cyber threats, incidents and /or cyber activity
- Support CSO teams with the analysis of complex security alerts and network traffic to determine the existence or extent of potential threats
- Conduct analysis on files/binaries, packet captures, and supporting materials to extract relevant artifacts, observables, and IOCs.
- Proactively look for cyber threats via open feeds, internal feeds, VirusTotal, Hybrid-Analysis, or similar sources.
- Develop and maintain behavioral- and signature-based threat-driven use-cases.
- Assess events based on factual information immediately present, available external context and analysis, and wider knowledge and experience with IT systems
- Proactively drive improvements of internal processes, procedures, and workflows.
- Develop threat hunting programme and have it deployed globally.
- Evaluate the DB threat landscape and develop short- and long-term security requirements.
- Participate in the testing and integration of new security monitoring tools
- Deliver results within given time frames, ensuring work is consistent, well documented, and in line with team standards at all times
- Take ownership for personal career development and management, seeking opportunities to develop personal capability and improve performance contribution.
- Experience working in an information or cyber security operations related field in an enterprise environment.
- Experience in managing/working with Network Intrusion Detection/Prevention System (NIDS and NIPS) technologies.
- Ability to review threat intelligence reports on TTPs, correlate them with existing data sources/points, and deliver use-cases to detect such threats.
- Knowledge in working with Splunk is a must.
- Experience in performing threat hunting will be useful
- Experience developing customised security log analysis and detection capabilities using programming and development expertise, including Java, Python, shell scripting and regular expressions.
- Fluent in the use of, and the monitoring opportunities on, all major operating system platforms (e.g., Windows, Linux/Unix, Mac)
- Specific knowledge of network analysis tools (e.g. Wireshark), Tanium, Splunk, FireEye, FireSight, Proofpoint, Tenable, Security Center and Splunk Stream
- Operational understanding of TCP/IP and computer networking. Knowledge of the functions of security technologies such as IPS/IDS, firewalls, Security Information and Event Management tools, etc.
- Experience in following the intelligence processes, creating analytic products, and metrics
- Investigative and analytical problem solving skills.
- Critical thinking and contextual analysis abilities.
- Ability to communicate professionally and efficiently both verbally and in writing.
- Proven leadership skills including: effective oral and written communication, performance management, issue resolution, negotiation, motivating others, forecasting and planning.
- Self-motivated with ability to work with minimal supervision.
- Ability to collect, process, and analyse data and information to create threat intelligence indicators.
- Identify new opportunities for strategic directions and innovation based on existing and emergent cyber threat concepts.
- Provide recommendations to senior management on strategic issues based on cyber threat expertise and knowledge of industry trends combined with business needs.
- Ability to research and characterize security threats to include identification and classification of threat indicators.
- Experience working in a Security Operations Centre (SOC) or Computer Emergency Response Team (CERT/CIRT).
Education and Certifications:
- Degree from a four-year university or major course work in computer science, networking, engineering, or other computer-related field of study.
Desired Experience or Certifications:
- Security+, CASP, CISM, CEH, GIAC, CISSP, GCIH, GCFE, GCFA, GREM, GNFA
Deutsche Bank offers a challenging and rewarding career where your contribution is valued and rewarded. We have an inclusive and friendly working environment coupled with excellent facilities and benefits.
Deutsche Bank is an equal opportunity employer who seeks to recruit and appoint the best available person for a job regardless of marital status, sex (including pregnancy), age, religion, belief, race, nationality and ethnic or national origin, colour, sexual orientation or disability.