Job Summary
Provide threat research, detection content development & technical expertise to the Cyber Threat Hunting (CTH) Service Line.
Key Responsibilities
- Jointly develop and drive the Cyber Threat Hunting maturity improvements across CyOPS, in line with the changing Threat Landscape, Regulatory and Compliance requirements
- Proactive identification of abnormal/malicious activity on the network and advanced cyber threats that evade our security controls, guided by internal and external threat intelligence
- Perform research, attribution and analysis of the cyber threats
- Perform assessment of the threat's intent, capability and opportunity to do harm, and of how these overlap with controls along the cyber kill chain, while explaining the "Who, What, Where, When, Why and How."
- Develop tools and techniques to identify cyber threats, suspicious/anomalous activity, file-less malware, etc.
- Responsible for participating in threat actor-based attribution and investigations, creating new detection methodologies, and providing expert support to incident response and security monitoring functions.
- Provide expert analytics and investigative support for large-scale and complex security incidents, when required.
- Support the CTH Service Line and contribute to CTH threat hunting exercises.
- Develop hunting exercises and detection methods for current and emerging threats.
- Identify opportunities to improve detection capabilities of the team and contribute to building CTH’s knowledge base on threat research.
- Work with content engineering team to monitor and tune alerts.
- Conduct research on attack patterns and techniques, and develop creative solutions to detect/prevent adversarial tools, techniques and procedures.
- Collaborate with the Purple Team to enhance the use case efficacy testing through adversary simulation capabilities.
- Contribute to automation initiatives that enhance operational effectiveness.
- Contribute to automation initiatives on cloud platforms (AWS/Azure).
Qualifications
- Diploma or bachelor’s degree in Engineering, Computer Science / Information Technology or its equivalent is preferred.
- 5 years of relevant industry experience in cyber security.
- Good knowledge of Splunk Search Processing Language (SPL).
- Good knowledge of Kusto Query Language (KQL).
- Experience in data analysis and Python coding.
- Good understanding of security threats across multiple platforms/environments (e.g., Windows/*nix/Cloud/Mainframe).
- Internal & external situational awareness and intelligence-led hunting and analytics experience.
- Understanding of typical threat actor profiles and the typical indicators associated with those profiles, and the ability to synthesize the two to develop innovative techniques to detect threat actor activity.
- Knowledge of the tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups, and both state and non-state sponsored threat actors.
- Ability to critically examine an organization and system through the perspective of a threat actor and articulate risk in clear, precise terms.
- Strong experience with host or network digital forensics from a malware perspective, and the ability to identify anomalous behaviour on network or endpoint devices.
- Experience with information security tools such as an enterprise SIEM solution, IDS/IPS, endpoint security, and security monitoring solutions.
- Excellent communication skills – oral, written and presentation; technical report writing for various types of target audiences.
- Self-starting, organized, proactive, and requiring minimal management oversight.
Skills and Experience
Experience with attacks and mitigation methods, with experience working in two or more of the following:
- Network protocols and secure network design.
- Operating system internals and hardening (e.g. Windows, Linux, OS X).
- Web application and browser security.
- Cloud security (AWS, Azure).
- Security assessments and penetration testing.
- Authentication and access control.
- Applied cryptography and security protocols.
- Security monitoring and intrusion detection.
- Incident response and forensics.
- Development of security tools, automation or frameworks.
Good to have:
- Developer or DevOps experience in AWS and/or Azure.
- Experience with programming languages such as Python, C/C++/C#, and/or JavaScript.
- Previous experience in Linux/Windows administration & automation.
- Previous experience as DevOps or DevSecOps is highly beneficial.
About Standard Chartered
We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.
Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good, are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.
Together we:
- Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
- Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
- Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term
What we offer
In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.
- Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
- Time off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holidays, which together come to a minimum of 30 days.
- Flexible working options based around home and office locations, with flexible working patterns.
- Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, a global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits.
- A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
- Being part of an inclusive and values-driven organisation, one that embraces and celebrates our unique diversity across our teams, business functions and geographies, where everyone feels respected and can realise their full potential.