- The Group Global Security department supports IT and the Business Units in developing adequate Information Security and Risk Management solutions and practices.
- The mission of GS is:
- to enable sound and formal information security risk decision making by The Group management, and
- to help management with implementing a proper information security management system.
- The GS Information Security Strategy commits to delivering on four objectives:
- enable the extended enterprise;
- counter cybercrime;
- protect our information systems;
- manage security risks.
- Consequently, the vision of the "GS Cyber Defence" team is to support the counter cybercrime objective through demonstrably 'best in class' preparation for, and response to, unauthorized cyber activity.
- This is done by providing the following services:
- Proactive - support & intelligence to help prepare and secure bank systems in anticipation of cyber-attacks.
- Reactive - triggered by a request, incident or event identified by an intrusion detection system or reported by a human.
- The main goal of the Security Monitoring project is to ensure detection of all security threats targeting the bank.
- To help the team execute this project, The Group is looking for a Security Monitoring Engineer.
Responsibilities and main tasks:
- Maintain the solution architecture in line with business requirements and suggest improvements
- Configure, customize and support the monitoring technologies
- Ensure availability by troubleshooting and by engaging in problem management activities
- Define and execute the lifecycle management of the deployed solutions, qualifying new releases and patches and planning/documenting upgrades.
- Improve the existing detection, alerting and monitoring configurations, processes and procedures.
- Maintain technical and user manuals up-to-date.
- Identify security monitoring 'tactical opportunities' based on technologies in use other than the SIEM.
- Evaluate 'tactical opportunities' and prioritize implementation using a threat-centric approach.
- Follow-up on implementation of 'tactical opportunities' with the relevant stakeholders (Global Security, IT, architects) and ensure hand-over to technical maintenance.
Security Monitoring project
- Participate in the design of new security monitoring solutions.
- Provide support to the architects and to the business on topics requiring deep solution expertise
- Implement the new functionalities
- Define and execute test cases for the validation of the new solutions
Your involvement in other topics and activities related to security monitoring will also be instrumental and appreciated.
Required knowledge / Experience
- Solid understanding of network and security monitoring architecture
- Operational experience in maintaining networks and SIEM environments, especially ArcSight.
- Knowledge of the entire TCP/IP or OSI network protocol stack, including major protocols such as IP, ICMP, TCP, UDP, SMTP, POP3, HTTP, FTP and SSH.
- Experience with programming and scripting languages and text-manipulation tools, most notably Perl, but also sed, awk, grep, Ruby and Python.
- Knowledge of ITIL-based operational processes
- Knowledge of other detection/monitoring solutions such as Splunk, QRadar, ...
- In-depth understanding of, and experience in, managing security device installations such as firewalls, proxies, IDS/IPS, ...
- Good understanding of IT security technology and processes (secure networking, web infrastructure, Wintel, UNIX, Linux, etc.);
- Relevant SANS certifications; CISSP certification;
- Prior experience of working in/for financial institutions;
- Prior experience of working in an Agile operating model;
- Team player
- Quick self-starter, pro-active attitude, strong time management
- Good communication and influencing skills
- Good analytical and synthesis skills
- Autonomy, commitment and perseverance
- Strong intuition and ability to think “outside the box”
- Attention to detail while seeing the bigger picture
- Ability to provide on-the-job training and knowledge sharing to other analysts
- Solid sense of integrity and identification with the mission.
- Ability to process large amounts of information
- Desire to script and automate repetitive parts of the job.