• Competitive
  • Warsaw, Mazowieckie, Poland
  • Permanent, Full time
  • Standard Chartered Bank
  • 2019-05-22

Threat Use Case Analyst

  • Location: Warsaw, Mazowieckie, Poland
  • Salary: Competitive
  • Job Type: Full time

Threat Use Case Analyst

About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.

To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.

We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.

The Role Responsibilities

• Support the Cyber Threat Use Case Manager, Cyber Defence Analysts, and Threat Intel Analysts in designing and implementing threat use cases
• Develop and gather requirements for threat use cases to detect adversary behaviours
• Maintain the threat use case library to ensure use cases are properly enriched, mapped to Mitre Att&ck, and operating correctly
• Work closely with Threat Intelligence, Cyber Defense Center, and business stakeholders to identify potential threat scenarios and translate them into threat use cases
• Enhance the use case testing framework through the use of scripts and adversary simulation capabilities
• Work closely with other service lines to continuously enhance threat use cases as new products, logs, and capabilities are introduced to the organization
• Identify and improve orchestration, data enrichment and triage capabilities through SOAR platform
• Work closely with content detection engineering team to continuously monitor and tune alerts
• Lead weekly threat use case working group to capture requirements for new threat use cases

Our Ideal Candidate

The ideal candidate has experience and strong domain knowledge/expertise in security operations (e.g., SOC, Forensics, Threat Intelligence) or red teaming/pentesting with advanced knowledge of adversary techniques.

• 5 - 7 years experience working in security operations role with experience identifying adversary behaviours and techniques used to conduct attacks
• Strong knowledge of Splunk Search Processing Language (SPL) for rule and content development for alerting, metrics, and/or reporting
• Experience developing security content with regular expressions, correlation, feature extraction, data classification and enrichment
• Good understanding of security threats across multiple platforms/environments (e.g., Windows/*nix/Cloud/Mainframe)
• Experience with scripting languages (e.g., Python, perl, bash)
• Familiarity with Cloud/Container security and experience developing security content to detect threats across these (and other) technologies
• Experience integrating threat intelligence platform (TIP), IOCs, into alerting and detection strategy
• Excellent communicator and collaborative team player
• Ability to work across functional teams to incorporate security products into SIEM
• Proactive self-starter, takes ownership for issues and drives remediation with excellent problem analysis skills and solution synthesis
• Stays abreast of latest happenings in technology and relation to cyber security

Apply now to join the Bank for those with big career ambitions.