Specialist: Cyber Threat Hunting – CRDB Bank

Job Summary

Responsible for protection of system boundaries, keeping computer systems and network devices hardened against attacks and securing highly sensitive data. This includes analyzing digital evidence and investigates computer security incidents to derive useful information in support of system/network vulnerability mitigation.

Key responsibilities:

• Implement and enforce Cyber security Policies to ensure alignment with related corporate policies.
• Understand and provide expert advice on the Cyber security risks facing information assets.
• Responsible for the technical Cyber security strategy – proposing and implementing solutions and processes to continuously reduce the risks and effects of hacking and cyber-crime.
• Responsible for forensic investigation of Cyber security incidents/breaches, providing regular reporting using the appropriate assurance framework.
• To coordinate regular security testing with high quality reporting. Responsible for the subsequent hardening of IT systems based on results of regular tests.
• Develop custom scripts or tools to automate the analysis and handling of unique or complex digital forensic challenges.
• Conduct analysis of log files, evidence, and other information to determine the best methods for identifying the perpetrator(s) of a network intrusion.
• Provide technical summary of findings in accordance with established reporting procedures.
• Run various assessment tools to obtain insight on security posture and create various reports for management and stakeholders.
• Utilize specialized software tools to identify and investigate digital footprints and artifacts left by cybercriminal activities.
• Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
• Monitoring of all IT assets on configuration integrity in order to proactive manage the bank’s environment.
• Identify and define system security requirements standards of the bank.
• Responsible for regular security testing with high quality reporting. Responsible for the subsequent hardening of IT systems based on results of regular tests.
• Support penetration testing activities and exercises, including self-capacity to perform penetration testing.
• Recommend assessment-based findings, outcomes, and propositions for further system security hardening enhancement.
• Analyze file systems, including FAT, NTFS, and EXT, to recover deleted files and hidden data.
• Responsible for information security awareness and training program that informs and motivates workers on cyber-security matters as per the SAT program.
• Monitor internal and external policy compliance and cybersecurity framework is being complied by both vendors and employees.
• Use a range of forensic tools and software to extract and analyze data.
• Implement new technology on the network security and ensure security hardening and effectiveness of the control. Implement and Ensure compliance of Cybersecurity framework amongst the organization.
• Participate in the incident response program, ensuring that the program is tested throughout the organization and that every staff knows his or her duties during such an incident.
• Prepare and report all security incidents and Forensic investigation to Management or as directed by line manager.
• Conduct research on emerging technologies and their implications for digital forensic investigations, including blockchain and IoT devices.

Experience, Knowledge and Skills Requirements

• Bachelor Degree in Computer systems technology or related academic field.
• Minimum of 3 years of ICT Security experience in banking environment, Expert knowledge of current IT cyber security issues.
• At least 1 ICT Security professional certifications, CISA, CISSP, CEH, CISM, CFCE etc.
• Knowledge of security Issues and products so that complex security issues can be quickly diagnosed and resolved.
• Report writing and procedure /policy development.
• Management of a complex IT Infrastructure within large enterprise level organization.
• Contingency and Disaster Recovery Planning.
• Ability to think ahead and anticipate problems, issues, and solutions.
• Experience providing IT focused Enterprise Architecture and strategy.
• Windows Operating systems and Active Directory Management.
• Anti-Virus domain infrastructure.