Specialist Cyber Security Cloud Operations Full-time Job

3 weeks ago   IT & Telecoms   Dubai   37 views Reference: 34101
Job Details

Roles & Responsibilities:

Continuously monitor cloud environments using security tools and services to detect potential intrusion attempts, data exfiltration, lateral movement, and unauthorized access.

Utilize Security Information and Event Management (SIEM) tools to collect and analyze logs from various cloud services, identifying potential security incidents and abnormal patterns.

Develop custom detection rules and queries to identify cloud-specific threats, such as API abuse, unauthorized resource provisioning, and data exfiltration.

Address cloud-specific attack vectors, such as identity and access management (IAM) issues, insecure API configurations, and data exposure due to misconfigured storage services.

Implement container security monitoring solutions to ensure the integrity and security of containerized applications running in cloud environments.

Utilize API security tools to monitor and protect cloud APIs from abuse, unauthorized access, and injection attacks.

Deploy honeytokens and deception technology to lure and detect attackers attempting to exploit fake assets in the cloud.

Deploy machine learning-based anomaly detection to identify unusual user behaviors and potential account compromises within cloud environments.

Implement serverless security monitoring solutions to detect potential threats targeting serverless functions and ensure secure serverless application development.

Continuously review and enhance cloud security monitoring strategies, taking into account the evolving threat landscape and the cloud environment's changes.

Leverage CASB solutions to monitor and control data access and movement between cloud services and users, mitigating insider threats and unauthorized activities.

Conduct regular audits of Identity and Access Management (IAM) configurations, ensuring proper access controls and permissions across cloud resources.

Proactively search for signs of unauthorized activities, persistent threats, and advanced attack techniques within cloud environments using threat hunting methodologies.

Utilize threat intelligence sources and security data to detect cloud-specific threats such as misconfigurations, account compromises, and privilege escalation.

Use both manual and machine assisted techniques to find the Tactics, Techniques and Procedures of advanced adversaries.

Trace attacker paths and detect suspicious patterns of threat actors.

Research innovative methods for making Threat Hunting more efficient and effective.

Utilize digital forensics tools and techniques to perform in-depth analysis of compromised cloud instances, identifying attack vectors and post-incident indicators.

Develop acquisition and processing workflows to acquire and process cloud forensic artefacts.

Employ automated incident triage solutions to quickly assess the severity and impact of security alerts, prioritizing critical incidents for immediate response.

Execute incident response playbooks tailored to different cloud attack scenarios, ensuring the proper sequence of actions during each phase of incident handling.

Swiftly contain and isolate affected cloud resources to prevent further spread of the attack and conduct thorough investigations to identify the root cause of the incident.

Maintain clear and timely communication with stakeholders, providing updates on incident investigations, impact assessments, and recommended countermeasures.

Perform detailed post-incident analysis to understand attack vectors, tactics, techniques, and procedures (TTPs) employed by threat actors, enabling better defense against future attacks.

Help meet the SLAs defined for Incident Management.

Prepare and provide relevant reports for identified incidents.

Ensure the relevant documentation is kept up to date at all times.

Proactively identify gaps and remediate them to keep observations from Auditors and Regulators to a minimum.

Help the CSIRT during security incidents.

Ensure that peers maintain quality.

Coach, guide and mentor peers to ensure quality delivery.

Assist security team members in decision making when it comes to security incidents.

Guide peers during conflicts within the team.

Keep the team and self up to date with the highest level of technical acumen.

Suggest new solutions to improve the Security Monitoring posture of the Group.

Conduct PoCs for new technologies which could help uplift the level of Security within the Group.

Run security projects end to end where necessary.
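The monitoring and detection responsibilities above (intrusion attempts, API abuse, unauthorized resource provisioning and data exposure through misconfigured storage) are the kind of thing a cloud SOC expresses as rules over audit-log events. The block below is an added illustration, not material from the posting or from Emirates NBD: it runs three such rules over constructed events in CloudTrail's JSON shape. The pipeline role ARN, the approved-region allow list and the account ID are assumptions chosen for the example.

```python
"""Detection rules over CloudTrail-style management events.

Added illustration, not from the job posting. The events below are constructed
in CloudTrail's JSON shape; the pipeline role ARN and the approved-region list
are assumptions chosen for the example.
"""
from collections import Counter

PIPELINE_ROLE = "arn:aws:iam::123456789012:role/TerraformDeploy"  # assumed deploy identity
APPROVED_REGIONS = {"eu-west-1", "me-central-1"}                  # assumed allow list
CONTRACTOR = "arn:aws:iam::123456789012:user/contractor"          # constructed principal
CREATE_CALLS = {"RunInstances", "CreateUser", "CreateAccessKey", "CreateFunction"}


def _event(name, source, region, arn, **extra):
    """Build one constructed CloudTrail-like event."""
    e = {"eventName": name, "eventSource": source, "awsRegion": region,
         "userIdentity": {"arn": arn}, "sourceIPAddress": "203.0.113.10"}
    e.update(extra)
    return e


# Constructed sample: six denied IAM calls (permission enumeration), one legitimate
# deploy, one instance launch outside the approved regions, one bucket opened to
# the world and one bucket policy correctly scoped to the account.
SAMPLE_EVENTS = [
    _event(n, "iam.amazonaws.com", "us-east-1", CONTRACTOR, errorCode="AccessDenied")
    for n in ("ListUsers", "ListRoles", "GetAccountSummary",
              "ListAccessKeys", "ListPolicies", "ListGroups")
] + [
    _event("RunInstances", "ec2.amazonaws.com", "eu-west-1", PIPELINE_ROLE),
    _event("RunInstances", "ec2.amazonaws.com", "ap-southeast-2", CONTRACTOR),
    _event("PutBucketPolicy", "s3.amazonaws.com", "eu-west-1", CONTRACTOR,
           requestParameters={"bucketName": "customer-statements", "bucketPolicy": {
               "Statement": [{"Effect": "Allow", "Principal": "*",
                              "Action": "s3:GetObject",
                              "Resource": "arn:aws:s3:::customer-statements/*"}]}}),
    _event("PutBucketPolicy", "s3.amazonaws.com", "eu-west-1", PIPELINE_ROLE,
           requestParameters={"bucketName": "build-cache", "bucketPolicy": {
               "Statement": [{"Effect": "Allow",
                              "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
                              "Action": "s3:GetObject",
                              "Resource": "arn:aws:s3:::build-cache/*"}]}}),
]


def principal(event):
    return event.get("userIdentity", {}).get("arn", "unknown")


def enumeration_bursts(events, threshold=5):
    """Rule 1 (API abuse): a principal collecting >= threshold AccessDenied or
    UnauthorizedOperation responses is probably probing permissions it lacks,
    a common first step after credential theft."""
    denied = Counter(principal(e) for e in events
                     if e.get("errorCode") in ("AccessDenied", "UnauthorizedOperation"))
    return {p: n for p, n in denied.items() if n >= threshold}


def unauthorized_provisioning(events):
    """Rule 2 (resource provisioning): successful creation calls made by anything
    other than the pipeline role, or in a region outside the allow list."""
    return [{"eventName": e["eventName"], "awsRegion": e["awsRegion"],
             "principal": principal(e)}
            for e in events
            if e["eventName"] in CREATE_CALLS and not e.get("errorCode")
            and (principal(e) != PIPELINE_ROLE
                 or e["awsRegion"] not in APPROVED_REGIONS)]


def _grants_anyone(statement):
    """True when an Allow statement's Principal is "*" or {"AWS": "*"}."""
    if statement.get("Effect") != "Allow":
        return False
    p = statement.get("Principal")
    if p == "*":
        return True
    if isinstance(p, dict):
        aws = p.get("AWS", [])
        return "*" in (aws if isinstance(aws, list) else [aws])
    return False


def exfiltration_indicators(events):
    """Rule 3 (data exposure): bucket policies that open a bucket to any principal."""
    buckets = []
    for e in events:
        if e["eventName"] == "PutBucketPolicy" and not e.get("errorCode"):
            params = e.get("requestParameters", {})
            policy = params.get("bucketPolicy", {})
            if any(_grants_anyone(s) for s in policy.get("Statement", [])):
                buckets.append(params["bucketName"])
    return buckets


def run_rules(events):
    return {"enumeration": enumeration_bursts(events),
            "provisioning": unauthorized_provisioning(events),
            "public_buckets": exfiltration_indicators(events)}


if __name__ == "__main__":
    import json
    print(json.dumps(run_rules(SAMPLE_EVENTS), indent=2))
```

In a real deployment these rules would read from the SIEM rather than an in-memory list, and rule 1 would be windowed by time (CloudTrail delivers events minutes late, so a five-minute tumbling window is a reasonable starting point). Rule 2 deliberately ignores calls that already failed with an error: a denied RunInstances is reconnaissance, which rule 1 catches, not provisioning.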

Requirements:

Proficiency in designing and implementing cloud security architectures with a comprehensive understanding of network segmentation, secure gateway configurations, and application security controls.

Expertise in setting up robust cloud monitoring and logging solutions, utilizing tools such as CloudWatch and Azure Monitor for continuous monitoring of cloud resources. Proficient in creating custom alerts and integrating with incident management platforms for timely response.

Proven ability to implement runtime security measures, utilizing container security controls such as Kubernetes RBAC, Pod Security Policies (removed in Kubernetes 1.25 in favour of Pod Security Admission) and image scanning to ensure the integrity and security of applications during runtime.

Proficiency in integrating security seamlessly into the CI/CD pipeline, leveraging tools like Jenkins, GitLab, and GitHub Actions for automated security testing and vulnerability assessments.

Adept at configuring granular IAM policies, implementing role-based access controls, and integrating Identity Providers (IdPs) to facilitate Single Sign-On (SSO) for heightened access control.

In-depth understanding of cloud compliance frameworks, including GDPR, HIPAA, and PCI DSS. Proficient in mapping controls, conducting compliance audits, and producing documentation for certifications.

Proven expertise in devising incident response plans, developing Security Operation Center (SOC) playbooks, and utilizing advanced SIEM solutions for real-time threat detection and response.

Knowledge of current adversary techniques, vulnerability disclosures, data breach incidents, and security analysis techniques.

Experience in analyzing, gathering intelligence on, developing, and documenting threat group activities.

Experience in analyzing malware / offensive tools and threat actor tactics, techniques, and procedures to characterize threat actors’ technical methods for accomplishing their objectives or missions.

Demonstrated understanding of remediation and counter measures for challenging information security threats.

Moderate to advanced technical experience in network communication protocols.

Experience conducting forensic analysis on data captured from networks (packet captures), hosts (volatile/live memory), electronic media, log data, and network devices in support of intrusion analysis or enterprise-level information security operations.

Expert understanding of a company’s business processes, technology and information systems.

Must have knowledge on application and infrastructure security threats and mitigating measures.

Deep knowledge of all aspects of information security concepts across a broad range of technical and non-technical areas.
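Both the "regular audits of Identity and Access Management (IAM) configurations" responsibility and the "configuring granular IAM policies" requirement come down to reading policy documents and spotting grants that are broader than they look. The block below is an added illustration, not code from the posting or from Emirates NBD: it statically audits AWS-style IAM policy documents for wildcard actions, unrestricted resources and a few well-known privilege-escalation combinations. The policy documents are constructed, the account ID is invented, and the escalation catalogue is a deliberately small hand-picked subset rather than a complete list.

```python
"""Static audit of IAM identity policies for over-broad grants and
privilege-escalation paths.

Added illustration, not from the job posting. The policy documents are
constructed; ESCALATION_PATHS is a small hand-picked subset of known
escalation combinations, not an exhaustive catalogue.
"""
import fnmatch

# Constructed sample policies (names and account ID are invented).
POLICIES = {
    "ReadOnlyReporting": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::reports", "arn:aws:s3:::reports/*"]}]},
    "LegacyAdmin": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"}]},
    "CiDeploy": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow",
         "Action": ["iam:PassRole", "lambda:CreateFunction", "lambda:InvokeFunction"],
         "Resource": "*"}]},
    # Scoped to the caller's own user via a policy variable: not an escalation path.
    "RotateOwnKey": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["iam:CreateAccessKey", "iam:DeleteAccessKey"],
         "Resource": "arn:aws:iam::123456789012:user/${aws:username}"}]},
}

# Action combinations that let a principal reach a more privileged identity
# when the statement's Resource is unrestricted. Illustrative subset only.
ESCALATION_PATHS = [
    ({"iam:PassRole", "lambda:CreateFunction", "lambda:InvokeFunction"},
     "create and invoke a Lambda function running as a more privileged role"),
    ({"iam:PassRole", "ec2:RunInstances"},
     "launch an instance carrying a more privileged instance profile"),
    ({"iam:CreateAccessKey"}, "create access keys for other users"),
    ({"iam:AttachUserPolicy"}, "attach an administrative managed policy to a user"),
    ({"iam:UpdateAssumeRolePolicy"}, "make an existing role assumable by the caller"),
]


def _as_list(value):
    """IAM allows a string or a list for Action, Resource and Statement."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _grants(granted, wanted):
    """Does a list of (possibly wildcarded) actions cover one specific action?
    IAM action matching is case-insensitive and supports * and ? wildcards."""
    return any(fnmatch.fnmatchcase(wanted.lower(), g.lower()) for g in granted)


def audit_statement(stmt):
    """Return [(finding type, detail), ...] for one policy statement."""
    findings = []
    if stmt.get("Effect") != "Allow":
        return findings
    if "NotAction" in stmt:
        findings.append(("not-action",
                         "Allow with NotAction grants everything not listed"))
    actions = _as_list(stmt.get("Action"))
    resources = _as_list(stmt.get("Resource"))
    for action in actions:
        if action == "*" or action.endswith(":*"):
            findings.append(("wildcard-action", action))
    if "*" in resources:
        findings.append(("wildcard-resource", "Resource: *"))
        # Escalation combinations only matter when the grant is unscoped;
        # iam:PassRole limited to one named role is the intended pattern.
        for needed, impact in ESCALATION_PATHS:
            if all(_grants(actions, n) for n in needed):
                findings.append(("privilege-escalation", impact))
    return findings


def audit_policies(policies):
    """Return {policy name: [(finding type, detail), ...]} for every policy."""
    return {name: [f for s in _as_list(doc.get("Statement"))
                   for f in audit_statement(s)]
            for name, doc in policies.items()}


def risky_policies(policies):
    """Names of policies with at least one finding, for the remediation queue."""
    return sorted(n for n, f in audit_policies(policies).items() if f)


if __name__ == "__main__":
    for name, findings in audit_policies(POLICIES).items():
        print(name, "->", findings or "clean")
```

Two design points worth noting. Escalation checks are gated on an unrestricted Resource because iam:PassRole scoped to one named role, or iam:CreateAccessKey scoped to the caller's own user, is exactly how these permissions should be granted; flagging every occurrence would bury the real findings. And actions are matched with the same case-insensitive wildcard semantics IAM itself uses, so a policy granting "iam:*" is correctly recognised as covering iam:PassRole even though the literal string never appears.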

Company Description
Emirates NBD (DFM: Emirates NBD) is a leading banking group in the MENAT (Middle East, North Africa and Turkey) region with a presence in 13 countries, serving over 17 million customers. As at 31st December 2022, total assets were AED 742 billion (equivalent to approx. USD 202 billion). The Group has operations in the UAE, Egypt, India, Turkey, the Kingdom of Saudi Arabia, Singapore, the United Kingdom, Austria, Germany, Russia and Bahrain and representative offices in China and Indonesia, with a total of 879 branches and 4,130 ATMs / SDMs. Emirates NBD is the leading financial services brand in the UAE with a brand value of USD 3.6 billion. Emirates NBD Group serves its customers (individuals, businesses, governments, and institutions) and helps them realise their financial objectives through a range of banking products and services including retail banking, corporate and institutional banking, Islamic banking, investment banking, private banking, asset management, global markets and treasury, and brokerage operations. The Group is a key participant in the global digital banking industry, with 97% of all financial transactions and requests conducted outside of its branches. The Group also operates Liv., the lifestyle digital bank by Emirates NBD, which has close to half a million users and continues to be the fastest-growing bank in the region. Emirates NBD contributes to the construction of a sustainable future as an active participant and supporter of the UAE's main development and sustainability initiatives, including financial wellness and the inclusion of people of determination. Emirates NBD is also an early supporter of the Dubai Can sustainability initiative, a city-wide initiative aimed at reducing the use of single-use plastic bottled water.