Every day, DB observes thousands of intrusion attempts. Deutsche Bank’s COO Chief Security Office (CSO) integrates both Corporate Security (CS) and Information Security (CISO), as both teams are responsible for mitigating these risks.
The CSO team enables the business of Deutsche Bank by providing agile security operational capabilities. Its teams (Cyber Threat Operations, Malware Response & Research, Security Monitoring, Incident Response, Forensics and Cyber Hygiene) provide global services from key locations in Frankfurt, Jacksonville and Singapore.
You can expect:
- Flexible benefits plan including virtual doctor consultation services
- Comprehensive leave benefits
- Gender Neutral Parental Leave
- Flexible working arrangements
- 25 days of annual paid leave, plus public holidays and flexible working arrangements
Your key responsibilities:
- Perform threat hunting by proactively assessing IT and security-based computer and network logs for the purpose of identifying specific patterns of activity or generating statistical summaries
- Produce analysis and actionable reports on new and potentially identified threats for the purposes of accurate mitigation and further detection using both network-based or endpoint-based logs
- Leverage advanced analytics and machine learning techniques to develop behavioral-based detections of indicators of attack, for the purpose of threat hunting and use case development
- Support CSO teams with the analysis of complex security alerts and network traffic to determine the existence or extent of potential threats
- Conduct analysis on files/binaries, packet captures, and supporting materials to extract relevant artifacts, observables, and IOCs
- Proactively look for cyber threats via open feeds, internal feeds, VirusTotal, Hybrid-Analysis, or similar sources
- Develop and maintain behavioral- and signature-based threat-driven use cases
- Assess events based on factual information immediately present, available external context and analysis, and wider knowledge and experience with IT systems
- Proactively drive improvements of internal processes, procedures, and workflows
- Participate in the testing and integration of new security monitoring tools
- Work in close cooperation with Engineering, Threat Intelligence, Malware Research, Incident Response and the Security Operations Centre for the purpose of extending and strengthening the division’s capabilities relating to threat analytics
Your skills and experience:
- Experience creating customised security log analysis and detection capabilities with a focus on SIEM and Endpoint Detection and Response (EDR), using scripting and query languages such as Splunk, PowerShell, Python, Shell Scripting and advanced regular expressions
- At least 2 years’ work experience in threat hunting or in one of the following fields: IAM (Identity & Access Management), Security Monitoring & Incident Response, Network Security, Pen Testing, Security Operations, Application Security or Cloud Security, ideally within Financial Services
- Hands-on experience with log analysis using advanced analytics, statistical-based analysis, anomaly-based analysis, trend analysis or machine learning techniques
- Experience in threat-driven analysis of events based on different stages of an attack such as MITRE ATT&CK® tactics and techniques
- Familiarity with major email security, Endpoint Detection and Response (EDR) and Network Security Monitoring (NSM) tools
- Fluent in the use and logging capabilities of all major operating system and cloud platforms (e.g., Windows, Linux/Unix, Mac, GCP, Azure)
- Familiarity with Cyber Security Incident Response or computer forensic processes and tools
- Operational understanding of TCP/IP and computer networking; knowledge of the functions of security technologies such as IPS/IDS, DNS, firewalls, Security Information and Event Management tools, etc.
- Experience following intelligence processes, creating analytic products and metrics, and performing OSINT research
- Investigative and analytical problem-solving skills
- Ability to collect, process, and analyze data and information to create threat intelligence indicators
- Identify new opportunities for strategic directions and innovation based on existing and emergent cyber threat concepts.
- Provide recommendations to senior management on strategic issues based on cyber threat expertise and knowledge of industry trends combined with business needs.
- Ability to research and characterize security threats, including identification and classification of threat indicators
- Experience working in a Security Operations Centre (SOC) or Computer Emergency Response Team (CERT/CIRT)
Education and Certifications:
Degree from a four-year university or major course work in computer science, networking, engineering, or other computer-related field of study.
How we’ll support you:
- Coaching and support from experts in your team
- A culture of continuous learning to aid progression
- A range of flexible benefits that you can tailor to suit your needs
- Training and development to help you excel in your career