Division/Department: Information Security Department (ISD)
Grade Range: VP1 to VP
Reports To: Head ISD
Job Summary:
Establish and manage the bank's Incident Response function. Establish active monitoring of the bank's IT assets to detect, analyze, track and mitigate external and internal threats. Provide direction to the security team on how and what to monitor across end-user computing, networks and systems, using the relevant tools.
Major Duties & Responsibilities to perform the Role:
· Design and establish the Incident Response function with all required tools and defined roles
· Threat management and threat modelling: identify threat vectors and develop use cases for security monitoring
· Mentor and guide SOC team and perform knowledge transfer to other teams as required
· Manage a forensic function for threat and anomaly investigation
· Evaluate existing SIEM rules, filters, events and use cases and adapt them to meet business requirements
· Build and manage playbooks that document how to respond to, assign severity to and escalate specific threat types
· Create reports, dashboards and metrics for SOC operations and present them to the Head ISD and ITD
· Co-ordination with stakeholders, build and maintain positive working relationships with them
· Coordinate, work with and liaise with business stakeholders, technical resources, and third-party vendors
· Provide oversight of analysis activities and direct the team to ensure effective resolution of incidents
· Contribute to the development of Attack Analysis SOPs to ensure that they stay current and effective
· Correlate activity across networks to identify patterns of unauthorized use
· Review alerts and data from sensors and document formal, technical incident reports
· Research emerging threats and vulnerabilities to aid in the identification of network incidents
· Deliver assessments to senior leadership and recommend the course of action to be undertaken
· Manage and improve information security documentation as required
· Help analyse findings in investigative matters and develop fact-based reports of events over a given period
· Any other assignment given by the supervisor
Relevant Experience: At least 2 years in a Security Operations Center; 6 years in Network/Information Security
Qualification: IT/CS graduate
Certifications: Network Security and Information Security certifications, such as Security+, GCIA or CEH
Location: Tricon Centre - Lahore