Security Monitoring Engineer
The Global Security department supports IT and Business Units to develop adequate solutions in Information Security and Risk Management practices.
The mission of GS is:
- To enable sound and formal information security risk decision making by BNPPF management, and
- To help management with implementing a proper information security management system.
Information Security Strategy of GS commits to deliver upon four objectives: 1) enable the extended enterprise; 2) Counter cybercrime; 3) Protect our information systems; 4) Manage security risks.
Consequently, the vision of the “GS Cyber Defence' team is to support Counter cybercrime objective by demonstrably 'best in class' preparation and response to unauthorized cyber activity. This is done by providing the following services:
- Proactive - support & intelligence to help prepare and secure bank systems in anticipation of cyber-attacks.
- Reactive - triggered by a request / incident / event identified by an intrusion detection system or reported by human.
- Main goal of Security Monitoring service is to ensure detection of all security threats targeting the bank. To help the team with execution of this activity BNNPF is looking for a Security Monitoring Platform Engineer
The Security Monitoring Platform engineer is a Security Specialist and is responsible for supporting the Cyber Defence team by sustaining the core Security Monitoring infrastructure on a day-to-day basis. Further to this he is also involved in providing expert assistance for in-depth analysis of security alerts generated by correlating logs from multiple technologies. An engineer also contributes towards providing enhanced visibility to the security posture of BNPPF Group's IT infrastructure. His responsibilities include:
- Maintain solution architecture in line with business requirements and suggest improvements.
- Complete operational responsibility for the ArcSight Event Correlation System and other systems for which the Cyber Defence team has operational responsibility. This includes, but is not limited to ArcSight ESM, Splunk, Microsoft ATA, EDR, DLP, Oracle Database, Connector Interfaces, Logger Appliances, Windows and Linux servers, Network Appliance Storage, and Backups.
- Architect and develop custom Flex Connector as required to meet Use Case Objectives.
- Assistance in the development & management of Use Case and Content.
- Maintain technical and user manuals up-to-date.
- Lead the effort and work towards improving the existing process and procedures required for security monitoring operations.
- Define and execute Life-cycle management of the deployed solutions, qualifying new releases and patches and planning/documenting upgrades, new systems, as well as maintaining current operational event flows. Provide optimization of connector interfaces, aggregation, and data normalization.
- Availability Management: realize availability requirements, compile availability plans, monitor availability, and monitor maintenance obligations;
- Capacity Management: manage capacity of personnel, system capacity, and component (or tactical) capacity
- Change Management: ensure that standardized methods and procedures are used for efficient handling of all changes
- Asset & Configuration Management: manage and trace every aspect of a configuration (CIs) from beginning to end.
- Release Management: ensure the availability of licensed, tested, and version-certified software and hardware
- Incident Management: The primary objectives are to prevent Incidents from happening, and to minimize the impact of incidents that cannot be prevented.
- Manage/Coordinate relationships, projects, and open issues with ArcSight Support, Professional Services staff, and L-3 Enterprise WAN team
Required skills & experiences
- English (Must) and French (preferred)
- CISSP (Certification is not a must)
- 3-5 years of experience within the IT domain with 1+ years of specialization in security operations, monitoring, cyber defense & detection
- Solid understanding of network and security monitoring architecture
- Operational experience in maintaining networks and SIEM environments especially Arcsight.
- Knowledge of entire TCP/IP or OSI network protocol stack, including major protocols such as IP, ICMP, TCP, UDP, SMTP, POP3, HTTP, FTP, and SSH.
- Experience with programming and scripting languages and text manipulation tools, most notably Perl, but also including sed and awk, grep, Ruby, and Python.
- Knowledge of ITIL based operational processes
- Knowledge of other detection/monitoring solutions such as Splunk, Q-Radar, EDR, DLP, MS ATA ...
- In-depth understanding and experience in managing security device installations such as firewalls, proxies, IDS/IPS, ...
- Good understanding of IT security technology and processes (secure networking, web infrastructure, WinTEL, UNIX, Lunix, etc.);
- Experience in banking environment.
- Prior experience of working in Agile operating model;
- Team player, self-starter, pro-active attitude, strong time management
- Good Communication and Influencing skills
- Good analytical and synthesis skills
- Autonomy, commitment and perseverance
- Strong intuition and ability to think “outside the box”
- Attention to detail while seeing the bigger picture
- Ability to provide on-the-job training and knowledge sharing to other analysts
- Solid sense of integrity and identification with the mission.
- Ability to process large amounts of information
- Desire to script and automate repetitive parts of the job.
- Full time Job in a fast growing company with strong values of excellence and ethics
- A local human sized company with expertise of a large international group
- A challenging & innovative environment with space for initiative & personal growth
- Opportunities for learning where needed
- An attractive salary package including interesting compensation & benefits
- This position aims to offer an opportunity to grow as Manager within 2 years.