Threat Defense Operations Manager

Threat Defense Operations Manager

 Abu Dhabi, NONE

 

Permanent

Role Purpose:
The Threat Defense Operations Manager reports to the Head of Information Security Cyber Defense Operations. This role is responsible for creating detection logic and maintaining data sources that contain information on indicators, correlations, and existing detection logic. The manager collaborates with information security teams, the IT Department, and other business units to identify data sources, develop use cases, and advise on SIEM configuration.

Key Metrics:

• Number of cyber threat hunting activities completed on or before target dates.
• Percentage of customized rules created.
• Percentage of incidents not prevented due to SIEM misconfiguration.
• Number of threat reports generated or reviewed.

Key Accountabilities of the Role:

• Develop and maintain an understanding of current vulnerabilities and mitigation strategies in ADIB’s cyber defense operations.
• Collaborate with ITD to review alerts generated by detection infrastructure, focusing on false positive alerts.
• Analyze threat information from various sources, including logs, Intrusion Detection Systems (IDS), and intelligence reports from Cyber Threat Intelligence.
• Continuously analyze the security stack and gather log ingestion feedback to identify gaps and prioritize detection needs.
• Identify and hunt for threat actor groups, their tools, techniques, procedures (TTPs), and Indicators of Compromise (IOCs) in collaboration with the information security team.
• Create tailored detection logic based on the Group threat landscape, using industry-specific intelligence and developed use cases in the form of threat rules and signatures.
• Work with ITD to add data sources and provide guidance on SIEM configuration.
• Operationalize identified IOCs by testing and overseeing the deployment of SIEM monitoring and alerting rules.
• Support Cyber Threat Intelligence and IS Risk Management teams by providing context on the threat landscape for group risk management activities.
• Maintain a data source catalog containing information on indicators, correlations, and existing detection logic.
• Collaborate with Threat Analysts to identify and recommend new internal and external data sources for developing additional threat detection logic.
• Monitor the efficacy of existing detection logic and decommission or age-off rules as necessary.

Specialist Skills / Technical Knowledge Required for This Role:

• Knowledge of banking processes and operational frameworks.
• Strong understanding of information security processes, services, and systems.
• Proficient in threat hunting techniques, zero-day exploit activities, and malware identification.
• Knowledgeable in network monitoring and exploitation techniques.
• Familiarity with SIEM configuration requirements and logic.
• Good understanding of network protocols and web application attack vectors.
• Knowledge of ISO 27001, NESA, PCI DSS, SWIFT, and other security standards and regulations.
• Bachelor’s degree in Computer Science, Engineering, IT, or a related technical discipline.
• Relevant professional certifications such as Security+, CEH, GCIA, GCIH, CISSP.

Previous Experience:

• 7-9 years of experience in information security threat hunting within large international banks or financial institutions.
• Experience with scripting/programming, exploitation techniques, and use case development.
• Familiarity with common attack vectors and IOC datasets.
• Experience in developing SIEM configuration logic.