VP, SIEM Threat Content Engineer
- Kuala Lumpur, Federal Territory, Malaysia
- Permanent, full-time
- Standard Chartered Bank Malaysia Berhad
- 13 Nov 18
Business Title: VP, SIEM Threat Content Engineer
Grade: Band 5A
Business Unit: ITO, Technology Services, Security Technology Services
Job Family: Security Technology Services
Reports Directly to: Head, Security Monitoring & Analytics
Security Technology Services (STS) is a critical function within Standard Chartered Bank operating under the overall purview of "Technology Services".
The STS team is made up of cyber security thought leaders, who are accountable for the provision of a global set of cyber security services and products in order to maintain and continuously improve the Bank's cyber security posture in today's ever-evolving cyber security landscape.
The STS team protects the Bank from cyber security threats by delivering effective information security technology services and by managing and responding to security incidents, in order to ensure and support the continuity and growth of the Bank's business operations and to meet the expectations of both internal and external stakeholders across the 70+ countries and territories in which SCB operates.
This role is within the Security Monitoring & Analytics service line and supports the Cyber Defence Centre (CDC) to develop and implement threat use cases, Splunk Technical Add-ons (TAs), dashboarding and visualization. This position is responsible for developing content on the Splunk Enterprise Security (ES) platform to support cyber security and threat intelligence analysts. This role utilizes expertise in Splunk Search Processing Language (SPL), TAs, search query optimization, and building data models, KV stores, dashboards, and queries to enable telemetry, detection, alerting, and monitoring for cyber security threats. The candidate will work closely with the Cyber Defence Centre (CDC) and the Cyber Threat Use Case Manager to drive and continuously enhance the Alerting and Detection strategy.
• Support the Cyber Threat Use Case Manager, Cyber Defence Analysts, and Threat Intel Analysts in designing and implementing threat use cases
• Develop and customize Splunk Apps and dashboards and build advanced visualizations/dashboards
• Develop custom Python scripts for data enrichment across internal (e.g. CMDB) and external data sources
• Develop integration/orchestration between Splunk ES and SOAR platform to support automated response capabilities
• Customize and optimize queries, promote advanced searching, and design creative solutions to complex problems
• Perform data interpretation, classification and enrichment
• Integrate existing Splunk and ES data models and support custom data model development, integration, and acceleration
• Collaborate with other service lines within STS (e.g., Network Security, Vulnerability Management, Cloud, Malware Protection) to ensure their products and relevant log sources are integrated into the Alerting and Detection Strategy
• Collaborate with data owners and customers to understand data sources and use cases, and successfully translate requirements into actionable content
• Drive the strategy towards automated on-boarding of relevant data sources/feeds to enable detection, enrichment, and hunt capabilities across multiple log sources
• Support the red team/adversary emulation to ensure successful tests and their associated technique(s) have detection and alerting in place (where possible)
• Security Technology Services - Security Personnel and Product Managers across service lines, architects, security officers, and development and support teams
• Internal and external stakeholders including Technology Services and Business Functions/Owners
COMPETENCIES (KNOWLEDGE & SKILLS):
The ideal candidate has experience and strong domain knowledge/expertise in creating advanced content for Splunk ES, ideally having developed and implemented an alerting and detection strategy in a current/previous role. It is highly desirable for the candidate to have previously integrated a SOAR solution into a security operations capability.
• 5 - 7 years' experience working with SIEM technology (e.g. Splunk ES, ArcSight, QRadar) in the following disciplines:
• Strong knowledge of Splunk Search Processing Language (SPL) for rule and content development for alerting, metrics, and/or reporting
• Experience developing security content with regular expressions, correlation, feature extraction, data classification and enrichment
• Experience with Splunk knowledge objects (e.g. fields, extractions, tags, event types, lookups, workflow actions, aliases, macros, etc.)
• Good understanding of security threats across multiple platforms/environments (e.g., Windows/*nix/Cloud/Mainframe)
• Experience developing and customizing Splunk TAs/Apps
• Experience with scripting languages (e.g., Python, Perl, Bash)
• Familiarity with Cloud/Container security and experience developing security content to detect threats across these (and other) technologies
• Experience integrating a threat intelligence platform (TIP) and IOCs into an alerting and detection strategy
• Experience integrating internal/external APIs and optimizing their usage
• Excellent communicator and collaborative team player
• Ability to work across functional teams to incorporate security products into SIEM
• Proactive self-starter, takes ownership for issues and drives remediation with excellent problem analysis skills and solution synthesis
• Stays abreast of the latest developments in technology as they relate to cyber security
Standard Chartered Global Business Services is committed to creating a diverse and inclusive environment which connects our colleagues, clients and communities through a culture of equality, respect and inclusion.