VP, Threat Content Developer (SIEM and Big Data Security Analytics), Group Information Security
Posting Date: 27-Oct-2020
Location: Alexandra, Singapore, SG
Company: United Overseas Bank Limited About UOB
United Overseas Bank Limited (UOB) is a leading bank in Asia with a global network of more than 500 branches and offices in 19 countries and territories in Asia Pacific, Europe and North America. In Asia, we operate through our head office in Singapore and banking subsidiaries in China, Indonesia, Malaysia and Thailand, as well as branches and offices.
Our history spans more than 80 years. Over this time, we have been guided by our values - Honorable, Enterprising, United and Committed. This means we always strive to do what is right, build for the future, work as one team and pursue long-term success. It is how we work, consistently, be it towards the company, our colleagues or our customers. About the Department
The Technology and Operations
function is comprised of five teams of specialists with distinct capabilities: business partnership, technology, operations, risk governance and planning support and services. We work closely together to harness the power of technology to support our physical and digital banking services and operations. This includes developing, centralising and standardising technology systems as well as banking operations in Singapore and overseas branches. Job Responsibilities
Support in developing and implementing advance new use cases and threat model as per the Cyber Security landscape by following industry leading Security framework and enhance the existing use cases and threat model detection capabilities to detect sophisticated cyber-attacks.
- Drive and lead advanced security analytics initiative to drive value from Security Analytics.
- Review all existing Security contents in SIEM and Big Data Security Analytics
- Define new use cases and threat models and risk score threshold for use cases on SIEM and BIG Data platform
- Work with other stakeholders and develop custom use cases
- Ability to understand business problems and apply technology solutions, leveraging technology trends to deliver results by working closing with SOC and other key stakeholders
- Work with respective engineering team to articulate the clear requirements of attributes related for each data feeds those are required for creating use cases and threat model
- Development, implementation and maintenance of use cases and also develop content around threat intel feeds
- Map all current and new use cases to MITRE ATT&CK framework and NIST methodology
- Develop detection strategies and security content for various threats
- Responsible for proactively developing common and known use cases.
- Development, optimization and management of use case framework
- Working with SOC and other key stakeholders in explaining all use cases and threat model for UAT, other testing and fine tuning.
- Performing Data Analytics and Threat hunting to get the context for use cases and threat model creation.
- Integrate and Monitor threat intel feed on the SIEM and Big Data platforms
- Monitor and track threat feeds ingestion and best utilization of threat feeds
- Use case (life cycle) management (research, development & maintenance)
- Conduct detailed analytical queries and investigations, identify areas that require specific attention, identify indicators of compromise (IOC) or events of interest (EOI) that need further investigation and develop use cases and rules to be developed into the SIEM platform
- Create and enhance internal processes and procedures how to the business requirements from other stakeholders.
- Act as a mentor and team lead to all First Level Security Analysts, support and supervise them, ensure knowledge transfer within the team
- Deliver qualified information about actual threats and indications, recommendations how the associated risk can be mitigated
- Develop, automate and maintain reports and dashboards
- Train and coach members of project groups to ensure effective knowledge management
- Engage in Purple Teaming exercises with our Red Team.
• ITC/Diploma/Degree in engineering/Computer Science / IT/Cyber Security from a recognized education institution
• Demonstrated content development experience on any analytical platform or solution.
• Knowledge of risk assessment, security assessment, continuous monitoring, cyber kill chain/MITRE ATT&CK framework and/or regulatory (PCI, HIPAA, ISO27001 series)
• At least one of the leading certifications (CISSP, CISM, GSEC, , OSCP, GMON, CCSP).
• Certified SNYPR Content Developer (CSCD) would be an added advantage
• Had delivered quality tangible advance use cases and threat model on any SIEM or Big Data Analytical platform.
• Experience in any insider threat tools
• Overall experience 8+ years of experience
• 4+ years of relevant experience in creating security use cases and threat contents
• Good understanding and experience of applying analytic methods and techniques to provide insight, identify risks and detect threats leveraging several data sets
• Experience in data enrichment and doing data analytics
• Experience with SIEM Threat Content Development
• Experience in developing and implementing use cases in with SIEM technologies and Security Analytics platform
• Had developed use cases using MITRE ATT&CK framework
• Strong understanding of Insider Threat system and Cyber threat system architecture along with understanding of user entity behavior analytics techniques and algorithm
• Strong knowledge in understanding Firewall, Proxy, Network, OS, Cloud, and other main-stream infrastructure logs.
• Familiar with Big Data Analytics, EDR, SIEM and other cyber technologies
• Basic knowledge in developing custom parsers (regex) required for data ingestion for any infrastructure or application based data feeds.
• Basic understanding of Big Data components which are required for data preparation.
• Working experience in Hadoop eco system would be plus.
• Experience of SQL and scripting (Python & Shell) would be a plus
• Understand of new threat landscape
• Good written and verbal communication skills
• Self-motivated and creative thinker
• Strong analytical and problem solving skill
• Passionate about cyber security and up-to-date with current threats. Be a part of UOB Family
UOB is an equal opportunity employer. UOB does not discriminate on the basis of a candidate's age, race, gender, color, religion, sexual orientation, physical or mental disability, or other non-merit factors. All employment decisions at UOB are based on business needs, job requirements and qualifications. If you require any assistance or accommodations to be made for the recruitment process, please inform us when you submit your online application.
Apply now and make a difference.