Role : Senior Cybersecurity Analyst
Location : Abu Dhabi
Reporting to the Senior Manager – Cyber Security Operations, the Senior Cyber Security Analyst assesses the damage and impact caused by information security events and incidents, and develops and manages the implementation of incident containment and recovery plans and actions. The employee works with other information security teams and managers, and other relevant departments across ADIB, to ensure a proper and timely response to all information security incidents. The role also entails oversight of the Cyber Security Analysts.
Key Accountabilities of the role
- Oversee the monitoring activities of Cyber security analysts.
- Validate the incidents categorized as false positives by Cyber security analysts.
- Triage the identified incidents and ensure that incidents are classified according to their criticality.
- Liaise with Incident response team for coordinating the Incident response activities.
- Escalate the incidents within the defined SLA to the Senior Manager – Cyber Security Center.
- Review collected evidence and conduct further investigation to identify the damage and impact caused by information security events and incidents
- Perform intrusion scope and root cause analysis
- Participate in the development of an incident containment plan to limit incident damage
- Participate in systems backup and forensic image capture to ensure the affected systems state is captured as it is during the incident with the objective of performing forensics investigation at a later stage
- Redirect events to appropriate parties (according to playbooks and standard operation procedures) while providing necessary context and details
- Follow up on reported events / incidents up until closure and update ticket based on its status
- Participate in incident eradication and recovery activities to ensure compromised systems are no longer affected
- Identify existing eradication plans in the current documentation, or develop new ones where none exist
- Participate in incident recovery activities to ensure affected systems are fully operational
- Manage the proper turnover of security incidents and coordinate response efforts between the stakeholders involved in incident response activities
- Provide timely feedback to the SIEM content developers regarding false positive rate, false negative rate etc.
- Keep updated on the latest trends and threats in the Cyber world.
- Collect IOCs and other threat intel data and build logic within security tools to detect the presence of the IOCs in the organization.
- Collect Vulnerability details from the respective team and ensure that there is adequate monitoring on the exploitation of these vulnerabilities.
- Develop and maintain standard operating procedures (SOPs) and incident response playbooks based on identified incidents, and develop incident eradication plans
- Participate in the development of incident reports and the update of lessons learnt
- Identify and develop workflow automation to reduce response time and increase the efficiency of incident response procedures
- Assist in data recovery procedures
- Participate in testing, deploying, and administering the infrastructure required to provide appropriate incident response
- Participate in threat hunting activities
Specialist Skills / Technical Knowledge Required for this role:
- Knowledge of security technologies, processes, and systems/applications
- Familiarity with banking processes and modus operandi
- Knowledge of ISO 27001, NESA, PCI DSS, SWIFT and other information security standards and regulations
- Strong knowledge of information security monitoring and incident handling technologies
- Strong knowledge of fundamental security and network concepts (operating systems, intrusion detection, TCP/IP, ports, etc.)
- Willing to work in 24/7 shifts.
- Bachelor’s degree in Engineering, IT, or any related technical discipline
- Professional certifications such as Security+, Network+, GCIA, GCIH, CISSP, CEH
- 5+ years of experience in information security incident response at large banks or financial institutions
- Experience in security monitoring and incident response techniques and tools
- Experience in handling information security incidents
- Experience in the selection and deployment of Incident Response tools
- Experience developing Incident Response programs and strategic improvements
- Experience developing event escalation and reporting procedures
- Experience working in a Computer Incident Response Team (CIRT), Computer Security Incident Response Center (CSIRC), or Security Operations Center (SOC)