Team description and details of role

The Threat Detection & Response Manager works within the Security Operations Center (dbSOC), which is set up within a Follow-The-Sun model. He/She is responsible for the monitoring, detection and analysis of information security events and incidents.

Additionally, he/she acts as a specialist for information security incident response processes to protect the Bank, its partners, and clients of any potential loss. Besides operations tasks, he/she will be supporting to evaluate and adjust processes, tools, and reporting, as well as lead smaller projects.

The objective is to identify and close gaps in the event detection, as well as improving the detection, analysis, and response of security events, ideally in an automated way.

Focus is on events in the area of network, endpoint and cloud security (GCP/Chronicle).

Responsibilities

• Perform risk assessments to evaluate the criticality of information security events

• Monitoring, detection, and analysis of security-relevant events, including response and documentation

• Improvement of the current threat detection capabilities, ideally via automation of standard processes

• Ensuring of effective daily Operations, managing workload of the Threat Detection & Response Team

• Acting as escalation and contact point for more critical cases, complaints or process queries.

• Definition, review and enhancement of Threat Detection & Response processes and tools

• Ensuring that predefined processes and SLAs get met.

• Reporting of Information Security Incidents to Senior Management and regulators.

• Supporting the entire SOC team with your security expertise and process know-how

• Disciplinary leadership of a small team.

Required Experience

• Good understanding of enterprise technologies especially focusing on security devices, network engineering, operating systems, databases and security configurations on application level

• Experience with analyzing system logs including network traffic logs, payload, event logs, application logs, firewall logs, Active Directory etc.

• Experience with Security Incident and Event Management (SIEM) systems, ideally with Splunk Enterprise Security and Chronicle SecOps

• Good knowledge of current threat landscape and attack scenarios/tactics, as well as containment and protection measures

• Fluent English skills

• Very good communication, analytical and documentary skills

• Independent way of working with strong problem-solving ability

• Experienced in communicating with higher management levels

• Ideally project management skills and experience

• Ideally experience in KPI reporting

• Ideally first leadership experience

Education/Experience

• Study in IT, Information Security or any other comparable profession or any other comparable apprenticeship

• Cyber Security expertise, proven by industry-standard certifications, such as CISSP, CISM, GCIH or similar

• Ideally experience with cloud monitoring (Azure, Google)

• Knowledge of risk assessment tools, technologies, and methods.

• Experience with monitoring and logging tools (e.g., Splunk)

• Experience with cloud native SIEM or SOAR tools (e.g. Google Chronicle)