Role Description:
The Bank's Security Operations Center (SOC) team is responsible for monitoring, assessing, and defending Bank Information Systems and data. The team continuously develops and investigates correlated security event feeds, escalating any identified security incidents. The SOC serves as the primary contact for any suspected security incidents, working together with other remediation teams to resolve incidents and foil Cyber Security threats against the Bank.
Responsibilities:
Support, troubleshoot, configure, manage, and upgrade SIEM, NTA, AV, DLP, email security, VPN, WAF and a wide variety of other security products.
Perform network troubleshooting to isolate and diagnose common network problems, using strong TCP/IP networking skills.
Installation, setup/configuration, troubleshooting, tuning, diagnostics, and maintenance of IT security-related equipment.
Carry out proactive and reactive administration of networking and associated applications, ensuring adherence to process.
Respond to inbound requests via phone and other electronic means for technical assistance with managed devices.
Respond in a timely manner (within documented SLA) to configuration, maintenance, incident management, and other requests.
Document actions in ticketing system to effectively communicate information internally and to customers.
Implement policy changes.
Automate tasks to reduce manual operations.
Troubleshoot L2/3 escalated issues and be a single point of contact for management of current security infrastructure.
Handle network/application security vulnerabilities.
Efficiently handle operations and analysis of security incidents.
Design, implement, enhance, and manage security infrastructure.
Qualifications:
Minimum of 5 years of work experience in information and Cyber Security within the Financial Services sector.
Bachelor's degree in Computer Science or a relevant field, or equivalent experience.
Cyber security certifications required.
Understanding of Cyber Security best practices; the ability to perform architectural risk analysis and threat modeling and to conduct security testing is a plus.
Practical expertise with TCP/IP networking required.
Experience with Linux, Windows and Network Operating Systems required.
Strong working knowledge of routing and access control devices required.
Firewalls, including IPS, DLP, Anti-Virus, identity awareness and URL filtering.
Strong hands-on SIEM tool configuration and management experience, with tools such as ArcSight, Imperva DAM, TripWire and Darktrace.
Experience with tools like Nmap, Nessus and Wireshark, and with capturing, reading and analyzing PCAPs.
Experience with configuration and management of email filtering technologies.
Enterprise desktop and server Anti-Virus, Active Directory, GPO configuration and endpoint protection technologies.
Microsoft Windows Server, VMware vSphere and associated technologies.
LAN & WAN networking using routers, switches and infrastructure products.
System Center Configuration Manager.
Ability to write scripts in Linux and/or Windows environments (e.g. PowerShell) at an intermediate to advanced level.
Broad technical understanding across Information Security (e.g. incident response, intrusion, attack monitoring, networks, threat and vulnerability management).
Automation using scripting languages like Python/Bash.
Knowledge of machine learning and artificial intelligence concepts is a plus.