
This job posting has expired. It is not currently open to any applications.

Manager Cybersecurity Defense Center

Riyadh, Saudi Arabia. Posted 2021/08/24 08:13:40. Expires 2021-10-23. Reference number: JB4416660

Job Description

An individual at this level is expected to be able to obtain objectives and inputs from higher management and translate them to the operational level. This position is a crucial intermediary between the Management and other tiers in the respective area and must therefore collaborate effectively.

Accountabilities

Security Operation Centre (SOC)

  • Perform event correlation in coordination with the Team Lead, using information gathered from a variety of sources within the Bank to gain situational awareness and determine the effectiveness of an observed attack.
  • Review network alerts from various sources within the Bank and determine possible causes of such alerts.
  • Review results from the monitoring of external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the Bank.
  • Monitor and evaluate integrated SOC operations to identify opportunities to meet organization objectives.
  • Ensure timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities.
  • Recommend resource allocations required to securely operate and maintain an organization’s SOC requirements.
  • Ensure protective or corrective measures when a cybersecurity incident or vulnerability is discovered.
  • Ensure the effectiveness of the Bank's cybersecurity safeguards to ensure that they provide the intended level of protection.
  • Communicate new developments, breakthroughs, challenges and lessons learned to the CISO and Senior Management.

Cybersecurity Threat Management

  • Provides context and relevance to a large amount of data
  • Empowers organizations to develop a proactive cybersecurity posture and to bolster overall risk management policies
  • Informs better decision-making during and following the detection of a cyber-intrusion
  • Drives momentum toward a cybersecurity posture that is predictive, not just reactive
  • Enables improved detection of advanced threats

Cybersecurity Incident & Forensics

  • Supervise the cyber defense incident triage performed, to include determining scope, urgency, and potential impact; identifying the specific vulnerability, and making recommendations that enable speedy remediation.
  • Provide technical documents, incident reports, findings from computer examinations, summaries, and other situational awareness information to higher management.
  • Determine tactics, techniques, and procedures (TTPs) for intrusion sets.
  • Identify, draft, evaluate, and prioritize relevant intelligence or information requirements.
  • Identify elements of proof of the crime.
  • Provide technical assistance on digital evidence matters to appropriate personnel.
  • Track audit findings and recommendations to ensure that appropriate mitigation actions are taken.
  • Maintain deployable cyber defense toolkit (e.g., specialized cyber defense software/hardware) to support Incident Response Team mission.
  • Contribute to crisis action planning for cyber operations.

Vulnerability Management

  • Evaluate network infrastructure vulnerabilities to enhance capabilities being developed.
  • Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise.
  • Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
  • Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered.
  • Create interactive learning exercises to create an effective learning environment
  • Coordinate with Cyber Defense Analysts to manage and administer the updating of rules and signatures (e.g., intrusion detection/protection systems, antivirus, and content blacklists) for specialized cyber defense applications.
  • Communicate new developments, breakthroughs, challenges and lessons learned to Management, and internal and external customers.
  • Continuously validate the SOC against policies/guidelines/procedures/regulations/laws to ensure compliance.

Skills

  • A Bachelor's or Master's degree, preferably in Information Security or IT / Computer Science or a related discipline.
  • Professional certification(s) in the relevant field
  • A minimum of 7 years of Cyber Security Experience
  • A candidate at this level is expected to demonstrate their knowledge of: New and emerging information technology (IT) and cybersecurity technologies; what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities; Insider Threat investigations, reporting, investigative tools and laws/regulations; hacking methodologies; emerging security issues, risks, and vulnerabilities; current and emerging threats/threat vectors; the common attack vectors on the network layer; different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks); cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored); cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks); emerging technologies that have potential for exploitation; attack methods and techniques (DDoS, brute force, spoofing, etc.); common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.); current software and methodologies for active defense and system hardening; cyber actions (i.e. cyber defense, information gathering, environment preparation, cyber-attack) principles, capabilities, limitations, and effects.

Job Details

Job location: Riyadh, Saudi Arabia
Job role: Other
Employment type: Employee
Number of vacancies: 1

Preferred Candidate

Career level: Management
Years of experience: Minimum: 7
