Manager: Cyber Threat Hunting
Standard Bank
South Africa
2d ago

Job Details

Information Technology: systems development, business analysis, architecture, project management, data warehousing, infrastructure, maintenance and production

Job Purpose

The Manager: Cyber Threat Hunting is responsible for developing, leading and maturing the implementation of a Threat Hunting programme within the CSOC, by leading the development of threat detection and analysis techniques from threat intelligence, threat trends and security tools to drive improvements in security monitoring and alerting capabilities.

This hands-on role requires deep technical knowledge of security monitoring, security operations, network and systems analysis, threat modelling and threat detection.

The role involves collaborating with threat intelligence analysts to identify priority cyber threats, designing strategies for complex cyber hunts and executing them.

Cyber Hunts should be designed and executed based on prioritized complex hypothesis-based threat hunting, including the design and documentation thereof.

The Threat Hunting team will proactively detect threats that evade traditional security controls. Research, develop, perform, and analyse the results of proactive and reactive host- and network-based investigations to determine if malicious activity exists within the environment. Build customised threat hunts, including malware research, to develop detections based on numerous inputs.

In addition, the role will provide expert support to the cyber security incident response team.

Interface with industry peers to acquire and share Cyber Hunt best-practices in the sector.

The Manager Cyber Threat Hunting will have a strategic, enterprise view of the organisation and will work with the Information Security Community and business stakeholders to drive out requirements.

This role has a group wide mandate.

Responsible for leading and managing a team of technical security Threat Hunters and contributing to the mentoring, coaching and growth of the threat hunting members of the team.

Key Responsibilities / Accountabilities

Strategic Leadership

Provide strategic direction and thought leadership for the Threat Hunting Team as well as the Cyber Security Operations Centre while ensuring that this direction is aligned with the strategy of Cyber Security, IT Security and ultimately Group IT within SBG

Business Management

The Manager, Cyber Threat Hunter is accountable for all business management functions for the Threat Hunting team, which include all activities required from a business unit within the SBG, e.g. management of the staff life cycle, financial and contracts management for the Threat Hunting team, and operational objective and target management.

Operations Management

  • The Manager, Cyber Threat Hunter remains accountable for Operations Management functions, which are typically performed in monthly cycles and include at least the following tasks: staff training and skills management; staff performance and capacity management; business stakeholder management; technology reviews and vendor management.

  • Using threat intelligence, research, develop and perform hunting activities to proactively detect threat actors and their techniques, tools and processes.
  • Recognize possible successful / unsuccessful intrusion attempts to compromise the network through analysis and hunting activities.

    Ability to perform dynamic malware analysis and extract IOC (Indicator of Compromise) information. React to any CSOC alerting (EDR, QRadar), review alerts for validity or false positives and modify them as needed.

    Develop and mature new and existing solutions for threat hunting detection capabilities. Provide support to CSOC Lead Analysts as required.

    Constantly improve and mature processes to ensure efficiencies. Document and manage incident cases in the SOAR system.

  • Develop threat models for all critical technologies (application and supporting infrastructure) in order to identify key risks that may result in confidential data loss or financial loss
  • Developing and contributing / improving incident scenario playbooks
  • Continually drive detection and response maturity by designing and developing SOC control improvements, continually drive architectural enhancements in the SOC, and develop cyber-security business cases to secure the budget for improvements in cyber-security maturity

  • Ensure that the learnings from cyber-security incidents, Red Team exercises, Pen tests, Audit TAS are converted into Threat Hunts and Use Cases / Rules
  • Keep abreast of technology trends and the implications on Cyber-Security e.g. mobile, cloud and social
  • Guide the business and appropriate IT executives on the selection of appropriate IT controls to combat cyber-security threats leading to fraud or cyber incidents
  • Review new and emerging exploits and vulnerabilities, and understand how to defend against them
  • Review both commercial and open-source tools to enhance Standard Bank’s security testing lab
  • Reporting: ability to produce both technical and executive reports as and when required
  • Provide requisite support in the event of any crisis to the relevant stakeholder
  • Identify, assess and prioritise risks based on clear definitions established with the Line of Business Heads of IT Security
  • Ensure accountability is assigned for all identified risks, and measure remediation by line of business.
  • Good communication skills both verbal and written. Good networking and collaboration skills
  • Solid technical (IT) background. Strong planning and co-ordinating skills. Good conceptual thinking skills. Strong analytical and problem-solving skills.
  • Ensure that declared service levels are being met and provide ongoing support, performance review and mentoring where appropriate.
  • Ensure adherence to Information Security Policies / Guidelines
  • Provide recommendations to business and other stakeholders on control measures to minimise and mitigate risk within the bank environment.
  • Mentor, educate and coach team members
    Technology Management

    Good understanding of operating systems and databases: Unix, Windows, Oracle, SQL, DB2. Good understanding of SIEM technology as well as other detection technologies.

    Good understanding of SIEM technology in order to provide guidance to the relevant application teams on the different types of onboarding options.

    Good understanding of and experience in use case development. Knowledge of scripting language(s), e.g. Python, as well as RegEx.

    Good understanding of Unix commands. Good understanding of building rules within a SIEM. Good understanding of networks and networking technologies.

    Strong and proven troubleshooting skills. Basic programming skills.

    Stakeholder Management

    Build effective working relationships with the line of business IT Security functions and IT. Foster professional interactions and relationships with senior IT and business executives and managers, such as the various CIOs and BIOs.

    Have effective working relationships with Enterprise Technology Architecture to ensure that security roadmaps are aligned.

    Have effective relationships with the vendor community to be able to co-source the best skills on short notice to complement the team.

    Internal and external relationships

    The role is a Group role and supports the Standard Bank Group, including Liberty, Africa Regions and International Regions.

    Requires coordination with vendors, auditors, and line of business departments to enhance information security. Summary of key relationships : Information Security Officers, Developers, Global Technology Infrastructure, Application Development Teams, Business Infrastructure Teams, Group Operational Risk, Group Audit, Group Legal, Group Compliance, External networks, Vendors

    Be Awesome

    Preferred Qualification and Experience

    Qualification

  • Degree in Information Technology and Information Security related certification (CISSP / CISM / GCIA)

    Experience

  • More than 10 years experience in Information Technology

    Knowledge / Technical Skills / Expertise

    Technical Competencies

  • Risk Identification - The examination of the essential elements of risk such as; assets, threats, vulnerabilities, safeguards, consequences and the likelihood of the threats materialising
  • Emerging Technology Monitoring
  • Risk Measurement - The ability to define and analyse risk identification information in a quantitative and / or qualitative way
  • Information Security - The management of, and provision of expert advice on, the selection, design, justification, implementation and operation of information security controls and management strategies to maintain the confidentiality, integrity, availability, accountability and relevant compliance of information systems
  • Knowledge of Banking & FS business
  • Project Management
  • Quality Assurance
  • Stakeholder Management
  • Systems Design
  • Technology Orientation
  • Testing
  • Compliance Audit
    Behavioural Competencies

  • Developing Strategies
  • Directing People
  • Generating Ideas
  • Adopting Practical Approaches
  • Interacting with People
  • Team Working
  • Upholding Standards
  • Meeting Timescales
  • Examining Information