• Competitive
  • Singapore
  • Permanent, Full time
  • Standard Chartered Bank
  • 2019-07-18

Threat Research Analyst

  • Location: Singapore
  • Salary: Competitive
  • Job Type: Full time

Threat Research Analyst

About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.

To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.

We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.

The Role Responsibilities

Security Technology Services (STS) is a critical function within Standard Chartered Bank operating under the overall purview of "Technology Services" .

The STS team is made up of cyber security thought leaders, who are accountable for the provision of a global set of cyber security services and products in order to maintain and continuously improve Bank's cyber security posture in today's ever evolving cyber security landscape.

The STS team protect the Bank from cyber security threats by delivering effective information security technology services, managing and responding to security incidents to ensure, and support the continuity and growth of Bank's business operations; and meet the both internal and external stakeholders' expectations across 70+ countries and territories, in which SCB operates.

This role is within the Security Monitoring & Analytics service line and supports the Cyber Defence Centre (CDC) to identify, develop, and implement threat use casesThe candidate will work closely with the Cyber Defence Center (CDC) and Cyber Threat Use Case Manager to drive and continuously enhance threat use cases and mature the Alerting and Detection strategy across the bank.
  • Support the Cyber Threat Use Case Manager, Cyber Defence Analysts, and Threat Intel Analysts in designing and implementing threat use cases
  • Develop and gather requirements for threat use cases to detect adversary behaviours
  • Maintain the threat use case library to ensure use cases are properly enriched, mapped to Mitre Att&ck, and operating correctly
  • Work closely with Threat Intelligence, Cyber Defense Center, and business stakeholders to identify potential threat scenarios and translate them into threat use cases
  • Enhance the use case testing framework through the use of scripts and adversary simulation capabilities
  • Work closely with other service lines to continuously enhance threat use cases as new products, logs, and capabilities are introduced to the organization
  • Identify and improve orchestration, data enrichment and triage capabilities through SOAR platform
  • Work closely with content detection engineering team to continuously monitor and tune alerts
  • Lead weekly threat use case working group to capture requirements for new threat use cases
  • Conduct research on attack patterns, techniques, and develop creative solutions to detect/prevent the activity

Our Ideal Candidate

The ideal candidate has experience and strong domain knowledge/expertise in security operations (e.g., SOC, Forensics, Threat Intelligence) or red teaming/pentesting with advanced knowledge of adversary techniques.
  • 3 - 7 years experience working in security operations role with experience identifying adversary behaviours and techniques used to conduct attacks
  • Strong knowledge of Splunk Search Processing Language (SPL) for rule and content development for alerting, metrics, and/or reporting
  • Experience developing security content with regular expressions, correlation, feature extraction, data classification and enrichment
  • Good understanding of security threats across multiple platforms/environments (e.g., Windows/*nix/Cloud/Mainframe)
  • Experience with scripting languages (e.g., Python, perl, bash)
  • Familiarity with Cloud/Container security and experience developing security content to detect threats across these (and other) technologies
  • Experience integrating threat intelligence platform (TIP), IOCs, into alerting and detection strategy
  • Excellent communicator and collaborative team player
  • Ability to work across functional teams to incorporate security products into SIEM
  • Proactive self-starter, takes ownership for issues and drives remediation with excellent problem analysis skills and solution synthesis
  • Stays abreast of latest happenings in technology and relation to cyber security
  • Knowledge of attack stages (e.g., footprinting, scanning, enumeration, gaining access, escalation of privileges, maintaining access, exploitation, cleanup)
  • Relevant industry certifications (e.g., OSCP, OSCE, GREM, GPEN, GFNA, GCFA)

Apply now to join the Bank for those with big career ambitions.