Cyber SOC Lead

Gulf Bank - Kuwait

Job Purpose: Performs monitoring, research, assessment and analysis of digital fraud attacks leveraging various security event monitoring platforms, including Web Threat Detection, Real Time Fraud Risk Assessment, Big Data and Digital Application Monitoring tools (SecureWorks, LogRhythm, Threat Intelligence Platforms, Defender, TrendMicro). Previous experience in cyber security operations or incident response is required.

Job Accountabilities:

Security Operations Monitoring:
1. Perform deep packet and log analysis.
2. Expert-level understanding of network protocols and packet analysis.
3. Take the lead on incident research when required.
4. When an event is classed as an incident, take the lead to drill down with each team and identify the root cause, managing the process end to end.
5. Manage the security incident management process and coordinate with each stakeholder to identify the root cause of events, coordinating all communication.
6. Know the environment well enough to work quickly with IT to identify and deprioritize false positive alerts.
7. Author SOPs and training documentation when needed.
8. Provide mentorship to junior and mid-level analysts.
9. Follow pre-defined actions to handle BAU and high-severity issues, including escalating to and following up with other support groups until the incident is resolved.
10. Write scripts to automate daily triage of events and to enhance identification of issues.
11. Create use cases in the SIEM and define requirements based upon feedback from other security stakeholders.
12. Execute daily ad hoc tasks or lead small projects as needed.
13. Create and maintain operational reports for Key Performance Indicators and weekly and monthly metrics.
14. Perform assessment as well as troubleshooting to help isolate technical issues with the integration of fraud monitoring technologies.
15. Participate in daily and ad hoc conference calls to manage quality assurance and documentation-related tasks.
16. Identify areas for tuning use cases to enhance monitoring value.
17. Engage with Fraud Policy, Operations, Strategy and other teams for early detection, prevention and mitigation of detected fraudulent activities by writing use cases and scripts that will highlight related events.
18. Work with UEBA systems to tune the event logs to prioritise issues that are anomalous to normal user behaviour.
19. Monitor, maintain and protect Gulf Bank of Kuwait's networks, systems and assets from malicious activity using the Security Incident and Event Management (SIEM) solution.
20. Assist with internal and external security audits.
21. Review the monthly SOC vendor reports and contribute towards the improvement of the SIEM solution and its monitoring capabilities.
22. Review SIEM alerts daily and analyse them to eliminate false positives. Escalate positive alerts to the Head of Cyber for further investigation.
23. Conduct bi-weekly calls with the SOC vendor to review implemented use cases, fine-tune them and remove use cases that are not required.
24. Support the application and system owners with log integration.
25. Take the lead on identifying use cases for various critical applications and servers, i.e.:
26. Ensure all Swift systems have their logs integrated with the SIEM solution;
27. Where systems do not have log integration, assist the application/server owner to ensure all logs are integrated;
28. Identify use cases relevant to Swift; and
29. Work with the SOC vendor to ensure all identified use cases are implemented, tested and deployed in a timely manner.
30. Escalate any issues with the SIEM solution (hardware/software) to the Head of Cyber.
31. On a monthly basis, complete the Key Risk Indicators (KRI) spreadsheet for SOC-related activities.
32. Assist with investigations into suspicious activities.
33. Obtain logs from the SIEM solution for the various systems/devices to support Root Cause Analysis (RCA).
34. Analyse the logs to identify suspicious behaviour and provide feedback.
35. Identify use cases based on the investigation for monitoring in the SIEM.
36. Ensure the SIEM solution is up to date, both hardware and software.

Generic Accountabilities:
a) Corporate Governance: Adhere to CBK regulations, the Bank's policies and procedures, and work standards.
b) Compliance: Compliance with and awareness of Risk Policies, AML and control regulations, as well as compliance with operational procedures and instructions.

Education & Qualification: Bachelor's degree in IT or equivalent experience, with professional banking qualifications.

Knowledge:
· Security Information and Event Management (SIEM)
· SQL, TCP/IP, computer networking, routing and switching
· C, C++, C#, Java, Python or PHP programming languages
· IDS/IPS, penetration and vulnerability testing
· Firewall and intrusion detection/prevention protocols
· Windows, UNIX and Linux operating systems
· Network protocols and packet analysis tools
· Anti-virus and anti-malware

Experience: 7-10 years in the cyber security field.

Certification/Accreditation: Security+ (beginner), GIAC (Advanced), CASP (Intermediate), GCIH, GIAC GCFA

Publication date: Today
Publisher: Laimoon