Cyber Security Specialist

Job Description

Hello Future Cyber Security Specialist

Welcome to FNB, the home of the #changeables. We design for the shapeshifters and deliver products and services that make us incredibly proud of people that make it happen.

As part of our talent team, you will be surrounded by unique talents, diverse minds, and an adaptable environment that lives up to the promise of staying curious. Now’s the time to imagine your potential in a team where experts come together and ignite effective change.

Overview of the role and requirements:

- Defining and delivering the Cyber Detection Strategy (Alerting for the SOC to in order to detect any malicious activity)
- Performing Pro-Active Threat Hunting to find any malicious activity that may have evaded the security controls deployed in the bank.
- Security Consulting where required by FRG Business Units
- Threat Intelligence Analytics and Response
- To provide guidance and support in delivering the Cyber Detection Strategy and performing pro-active threat hunting to detect malicious cyber activity against the bank
- Red Team/Penetration Testing Experience

What you will need:

- 5+ years experience in a similar role
- Bachelor degree in a related field such as information security, management or computer engineering
- CEH (Certified Ethical Hacker) OR CISSP (Certified Information Systems Security Professional)
- Strong command of cyber threat detection, investigation and mitigation
- Knowledge of Incident Response and Investigations
- Working knowledge and experience of core security and infrastructure technologies (e.g. firewall logs, network security tools, malware detonation devices, proxies, IPS/IDS)
- Red Team/Penetration Testing Experience
- This is a hands-on technical role and requires a high level of technical ability and understanding across a variety of security systems, particularly within Microsoft and Cisco.
- Strong awareness of cyber-attack techniques and how protective monitoring systems can be used for detection, mitigation, remediation and protection.
- Experience in working with a SIEM

You will be responsible for:
Cyber Security Detection Framework
- Business Owners of all playbooks (Definition, Coordination and Review)
- Enhance and Automate Security Alerting (Use Cases and Playbooks)
- Understand the Threat Landscape
- Make use of threat intelligence information together with organizations vulnerabilities to understand potentially new organizational threats or threats that are no longer of concern
- Identify NEW Threats that require use cases for alerting into the SOC
- Design and Maintain Alerts by translating complex security requirements into technical use case specifications
- Document Threat Attack Paths through Threat Modelling Techniques (Take lead on the identification of threats and risks)
- Create correlation rules and/or logic to detect malicious activity
- Identify what log sources is required to build the Use Case
- Develop the Use Case - Separate signal from noise, distilling meaningful and actionable alerts from the collection of event information (EFFECTIVENESS).
- Test and Productionise the Use Case
- Alert Optimisation
- To reduce false alerts, improve alert quality for effective intervention and reduce alert fatigue
- Log Analytics - To uncover patterns in user behaviours and identify potential problems pro-activity

Pro-Active Threat Hunting
- To proactively hunt for and investigate security events to identify artefacts of a cyber-attack.
- To proactively and iteratively detect, isolate and neutralize advanced threats that evade automated security solutions.
- To track and neutralize adversaries who could either be an insider (employee) or outsider (organized crime group)
- Search for cyber threats before an attack happens, when threats are identified the hunter needs to gather as much information on the behaviour, goals and methods of adversaries as possible to hand over to the Incident Response team.
- Responsible for reviewing system log events to proactively detect advanced threats that evade traditional security solutions.
- Set up basic hunts for the SOC analysts to run on a regular basis
- Hunts - Indicators of Compromise (IOC) Investigations. Identification of threats and breaches that may have previously gone unnoticed through other means. Hunting results can also help drive improvement in monitoring systems. Previous unknown IOC’s and malware may also be identified
- Event Analytics
- Review Events that transpired and look for common trends to see if there is any further remediation required or
- Improvements to current security products to detect and block more effectively
- Log Analytics
- Find suspicious activity,
- To detect recurring patterns and
- Pick up insecure protocols being used within the organization

Cyber Security Incident Response Lead (Participate or Lead a CSIRT Incident Response event)
- Providing response and initial management of any incident classified as P1 or P2 security incident
- Lea