Information Technology: systems development, business analysis, architecture, project management, data warehousing, infrastructure, maintenance and production
The Manager, Cyber Threat Hunting is responsible for developing, leading and maturing the implementation of a Threat Hunting program within the CSOC, by leading the development of threat detection and analysis techniques drawn from Threat Intelligence, threat trends and security tools, to drive improvements in security monitoring and alerting capabilities.
This hands-on role requires deep technical knowledge of security monitoring, security operations, network and systems analysis, threat modelling and threat detection.
This includes collaborating with threat intelligence analysts to identify priority cyber threats, designing strategies for complex cyber hunts, and executing them.
Cyber hunts should be designed, documented and executed as prioritised, complex, hypothesis-based threat hunts.
The Threat Hunting team will proactively detect threats that evade traditional security controls. Research, develop, perform and analyse the results of proactive and reactive host- and network-based investigations to determine whether malicious activity exists within the environment. Build customised, specifically tailored threat hunts, including malware research, to develop detections based on numerous inputs.
In addition, the role will provide expert support to the cyber security incident response team.
Interface with industry peers to acquire and share cyber hunt best practices in the sector.
The Manager Cyber Threat Hunting will have a strategic, enterprise view of the organisation and will work with the Information Security Community and business stakeholders to drive out requirements.
This role has a group wide mandate.
Responsible for leading and managing a team of technical security Threat Hunters and contributing to the mentoring, coaching and growth of the threat hunting members of the team.
Key Responsibilities / Accountabilities
Provide strategic direction and thought leadership for the Threat Hunting Team as well as the Cyber Security Operations Centre, while ensuring that this direction is aligned with the strategy of Cyber Security, IT Security and ultimately Group IT within SBG.
The Manager, Cyber Threat Hunting is accountable for all business management functions for the Threat Hunting team, which includes all activities required of a business unit within SBG, e.g. management of the staff life cycle, financial and contracts management for the Threat Hunting team, and operational objective and target management.
Technology reviews and vendor management.
Recognize possible successful or unsuccessful intrusion attempts to compromise the network through analysis and hunting activities.
Perform dynamic malware analysis and extract IOC (indicator of compromise) information. React to any CSOC alerting (EDR, QRadar), review alerts for validity or false positives, and modify alerts as needed.
Develop and mature new and existing solutions for threat hunting detection capabilities. Provide support to CSOC Lead Analysts as required.
Constantly improve and mature processes to ensure efficiencies. Document and manage incident cases in the SOAR system.
Security business cases to secure the budget for improvements in cyber-security maturity.
Good understanding of operating systems and databases (Unix, Windows, Oracle, SQL, DB2). Good understanding of SIEM technology as well as other detection technologies.
Good understanding of SIEM technology, in order to provide guidance to the relevant application teams on the different types of onboarding options.
Good understanding of and experience in use case development. Knowledge of scripting language(s), e.g. Python, as well as RegEx.
Good understanding of Unix commands. Good understanding of building rules within a SIEM. Good understanding of networks and networking technologies.
Strong and proven troubleshooting skills. Basic programming skills.
Build effective working relationships with the line-of-business IT Security functions and IT. Foster professional interactions and relationships with senior IT and business executives and managers, such as the various CIOs and BIOs.
Have effective working relationships with Enterprise Technology Architecture to ensure that security roadmaps are aligned.
Have effective relationships with the vendor community to be able to co-source the best skills on short notice to complement the team.
Internal and external relationships
The role is a Group role and supports the Standard Bank Group, including Liberty, Africa Regions and International Regions.
Requires coordination with vendors, auditors, and line of business departments to enhance information security. Summary of key relationships: Information Security Officers, Developers, Global Technology Infrastructure, Application Development Teams, Business Infrastructure Teams, Group Operational Risk, Group Audit, Group Legal, Group Compliance, External networks, Vendors.
Preferred Qualification and Experience
Knowledge / Technical Skills / Expertise