1. Collect and analyze Indicators of Compromise (IoCs) to support and refine detection and response efforts.
2. Validate and provide recommendations on changes to security controls to detect and/or protect against emerging security threats.
3. Assist in evaluating the potential impact of vulnerabilities on the organization's systems and applications and provide recommendations for remediation.
4. Correlate and group Indicators of Compromise (IoCs) using the Threat Intelligence Platform (TIP) solution to determine the scope and severity of incidents, and assist in prioritizing threat hunting activities.
5. Assist incident response teams in understanding the nature and source of security incidents and provide guidance on containment and mitigation strategies.
6. Conduct systematic and targeted searches across CIB-hosted and extended infrastructure according to a defined hypothesis.
7. Investigate the existence of indicators of compromise (IoCs) to uncover hidden threats and vulnerabilities.
8. Perform Threat Hunting activities to detect tactics, techniques, and procedures (TTPs) of the tracked adversary groups.
9. Perform threat hunting activities utilizing multiple security infrastructure components, such as (but not limited to) EDR, NDR, Attack Surface Management, Endpoint AV, WAF, SOAR, TIP, and Deception solutions.
10. Maintain detailed records of threat hunting activities, findings, and outcomes.
11. Assist in designing use cases and rules that can detect and identify threats based on the collected logs.
12. Perform data-driven threat hunting activities while abiding by Threat Intelligence and Hunting frameworks.
13. Assist in developing hypotheses to identify potential security threats by conducting systematic and targeted searches across the network and systems.
14. Prepare and deliver comprehensive threat hunting reports to management, highlighting findings and recommended actions.
15. Assist in designing SOC metrics, dashboards, scorecards, and executive dashboards to be presented and reported based on the SOC Process document.
16. Create threat hunting dashboards for data visualization and security posture visibility.
17. Follow all relevant department policies, processes, standard operating procedures, and instructions so that work is carried out in a controlled and consistent manner.
18. Follow the day-to-day operations related to own job in the Security & Resilience Management department to ensure continuity of work.
19. Comply with all relevant CBE regulations, banking laws, AML regulations, and internal CIB policies and code of conduct in order to maintain CIB's sound legal position and mitigate any potential risks.