Senior Manager, Cyber Threat Intelligence
Department: Group Information Security (GIS)
The candidate will be part of the GIS Cybersecurity team, functioning as a Senior Manager in the Cyber Threat Intelligence Team.
The role requires proactively investigating security events to identify artifacts of a cyber-attack, detecting advanced threats that evade traditional security solutions, conducting threat actor-based investigations, creating new detection methodology, and supporting incident investigations and monitoring functions. Threat hunting uses both manual and machine-assisted capabilities and aims to find the Tactics, Techniques and Procedures (TTPs) of advanced adversaries.
The candidate must have a curious, investigative mindset, experience in information security, and the ability to communicate complex ideas to varied stakeholders.
Develop, document, and maintain the cyber threat hunting framework
Hunt for and identify threat actor groups and their tactics, techniques and procedures (TTPs) and tools
Perform threat hunting through analysis of anomalous log data to detect and mitigate cyber threat activities
Actively develop threat hunting hypotheses, translate hunt activities into an iterative process, and automate the process of hunting for cyber threats
Review alerts generated by security monitoring tools and provide recommendations to enhance alerts for more efficient monitoring
Provide forensic analysis of network packet captures, DNS, proxies, malware, host-based security, and application logs, as well as logs from various data sources
Provide expert investigative support during large scale and complex security incidents
Analyse security incidents to enhance security monitoring and the alert catalogue
Investigate and validate suspicious events by using open-source and proprietary intelligence sources
Document and communicate findings to an array of audiences which includes both technical and executive teams
Continuously improve processes and use cases on security monitoring tools
Keep up to date with information security news, adversary techniques and threat landscape
Support day-to-day operations, ensuring efficient delivery of Cyber Threat Intel services.
The candidate may be asked to take on an additional supporting role for strategic work and security-related projects
The role would not be required to deal with any financial measure.
Timeliness, with the ability to balance delivery speed and work quality, is expected.
Communication Requirement:
Excellent verbal and written communication skills, fluent in English.
Strong interpersonal skills.
Self-learner with a demonstrated ability to understand and keep up to date with the latest technology.
Attention to detail and ability to report on key activities and status
Analytical capabilities. Knowledge of analysis of competing hypotheses (ACH), logical fallacies and cognitive biases as applied to problem solving is a plus.
Familiarity with enterprise controls, related tools and their limitations.
A team player, with the ability to work independently when tasked to do so in certain situations.
Minimum job requirement:
Must have a minimum of 8 years of experience in a technical security role in one of the following areas: operating system security, network security, Internet or web security, endpoint security
Experience researching Cyber Threat Intelligence findings and incorporating them into the threat hunting workflow
Knowledge of and experience working with the MITRE ATT&CK framework, the Cyber Kill Chain model or the Diamond Model
Experience with incident response process, including detecting advanced adversaries, log analysis and malware triage
Experience with Netflow or PCAP analysis
Experience with the Windows file system and registry functions, or *nix operating systems and command line tools
Knowledge of and experience in developing detection signatures (YARA, Snort)
Knowledge of malware and threat actor behaviour, and of how common protocols and applications work at the network level.