VP, Cyber Threat Use Case Manager

  • Competitive
  • Kuala Lumpur, Malaysia
  • Permanent, Full time
  • Standard Chartered Bank Malaysia Berhad
  • 19 Dec 18

Business Title: VP, Cyber Threat Use Case Manager
Grade: Band 5A
Business Unit: ITO, Technology Services, Security Technology Services
Job Family: Security Technology Services
Location: Kuala Lumpur, Malaysia

Reports Directly to: Head, Security Monitoring & Analytics

Security Technology Services (STS) is a critical function within Standard Chartered Bank operating under the overall purview of "Technology Services".

The STS team is made up of cyber security thought leaders who are accountable for the provision of a global set of cyber security services and products in order to maintain and continuously improve the Bank's cyber security posture in today's ever evolving cyber security landscape.

The STS team protects the Bank from cyber security threats by delivering effective information security technology services and by managing and responding to security incidents, ensuring and supporting the continuity and growth of the Bank's business operations and meeting the expectations of both internal and external stakeholders across the 70+ countries and territories in which SCB operates.

This role is within the Security Monitoring and Analytics service line and supports the Cyber Defence Centre (CDC) in driving the threat detection strategy and roadmap for the Bank. The role will work closely with senior security personnel, product managers across service lines, architects, security officers, and development and support teams to ensure the relevant logs and configurations are in place so that threat use cases operate as intended. The candidate will develop attack scenarios based on real-world examples to ensure detection capabilities and gaps are identified and remediated. The candidate will also be responsible for working with teams to ensure behaviour-based detection capabilities are continuously matured and tested. This is a great opportunity for a former red/blue team member to drive a detection strategy across the Bank and implement a proactive defence strategy.

• Work closely and collaborate with a broad range of stakeholders including senior business leaders, application owners, security operations (e.g., CDC, Threat Intelligence, Threat Hunting), and Security Content Engineers to ensure that threat use cases are fit for purpose and meeting expectations based upon the Bank's threat model.
• Manage aspects of the threat use case lifecycle framework (e.g., governance, development, testing, implementation, tuning, metrics) to ensure the service is operating within its KPIs
• Lead a team of cyber threat use case security analysts to ensure required logs, audit configurations, reference data, and other dependencies are onboarded to achieve the desired outcome of threat use cases
• Interface directly with CDC to ensure use cases are aligned to the changing threat landscape facing the Bank and other industry partners
• Support the red team/adversary emulation and pentesting teams to ensure gaps in detection are remediated (when possible) and/or compensating controls are in place
• Integrate and align the existing threat use case library with the MITRE ATT&CK framework to define and measure maturity level(s) for detection capabilities
• Proactively identify gaps in detection capabilities and develop/drive remediation strategy to address current gaps
• Develop and implement a testing/exercise strategy to ensure existing threat use cases are operating as intended
• Identify opportunities to implement automated response/triage through SOAR platform where feasible
• Ensure all regulatory requirements for security logging and monitoring and required threat use cases are being met
• Work closely with other service lines and product managers to ensure new security technologies are integrated into the threat use case library
• Conduct business use case modelling sessions with senior business and application stakeholders to identify threat scenarios specific to their business and implement respective detect/prevent capabilities

• Security Technology Services - Security Personnel and Product Managers across service lines, architects, security officers, and development and support teams
• Internal and external stakeholders including Technology Services and Business Functions/Owners

The ideal candidate has experience and strong domain knowledge/expertise in security operations, preferably having served in a SOC, Threat Intelligence, or Red team role. Candidates with domain knowledge and experience in a red/blue team capacity and/or who are familiar with the Tactics, Techniques and Procedures (TTPs) leveraged by adversaries are desired. Experience conducting threat modelling sessions across security operations or other technology and business teams to identify potential risks specific to the business is expected. Certifications such as OSCP, GREM, GPEN, GCFA are helpful, but not required.

• At least 10 years' experience in technology, with 6+ years in cyber security operations (e.g., SOC, Threat Intelligence, Hunt, Forensics) and a good understanding of incident response
• Understanding of technology business risk(s) inherent to the financial industry and the ability to translate/communicate risk into threat use cases/scenarios
• Experience developing custom security content/rules in SIEM Platforms
• Experience working with senior business and application stakeholders to identify threat scenarios and implement relevant protect/detect capabilities
• Extensive experience with security tool stack (e.g., endpoint, web, proxy, SIEM, network) and how they fit into detection capabilities
• Familiarity with the relevant log sources and the configurations required across multiple operating systems, network devices and cloud platforms to achieve threat use cases
• Experience coordinating, leading, and conducting threat scenario-based exercises across red/blue teams to ensure threat use cases and detection maturity are continuously tested and refined
• Strong understanding of MITRE ATT&CK and how it can be leveraged
• Experience with YARA, Snort, and log parsers
• Strong understanding of cloud services (e.g., AWS, Azure, Google Cloud)
• Understanding of how threat intelligence fits into the threat detection strategy
• Experience integrating user behavioural analytics into detection strategy and integrating SOAR capabilities in the SIEM platform(s)
• Experience working in a heavily regulated environment, preferably in the finance sector
• Excellent communicator with strong interpersonal skills tailored to the relevant audience
• Able to manage senior stakeholder expectations with a keen sense of what is realistic and achievable in a large complex environment
• Ability to work across functional teams to incorporate security products into SIEM
• Proactive self-starter, takes ownership for issues and drives remediation with excellent problem analysis skills and solution synthesis
• Stays abreast of the latest developments in technology and their relation to cyber security

Standard Chartered Global Business Services is committed to creating a diverse and inclusive environment which connects our colleagues, clients and communities through a culture of equality, respect and inclusion.