• Competitive
  • Singapore
  • Permanent, Full time
  • Standard Chartered Bank
  • 2019-05-19

Cyber Threat Use Case Manager

  • Location: Singapore
  • Salary: Competitive
  • Job Type: Full time

Cyber Threat Use Case Manager

About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.

To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.

We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.


The Role Responsibilities
  • Work closely and collaborate with a broad range of stakeholders including senior business leaders, application owners, security operations (e.g., CDC, Threat Intelligence, Threat Hunting), and Security Content Engineers to ensure that threat use cases are fit for purpose and meeting expectations based upon the Bank's threat model.
  • Manage aspects of the threat use case lifecycle framework (e.g., governance, development, testing, implementation, tuning, metrics) to ensure the service is operating within KPI's
  • Lead a team of cyber threat use case security analysts to ensure required logs, audit configurations, reference data, and other dependencies are onboarded to achieve the desired outcome of threat use cases
  • Interface directly with CDC to ensure use cases are aligned to the changing threat landscape facing the Bank and other industry partners
  • Support the red team/adversary emulation and pentesting teams to ensure gaps in detection are remediated (when possible) and/or compensating controls are in place
  • Integrate and align existing threat use case library into MITRE ATT&CK framework to define and measure maturity level(s) for detection capabilities
  • Proactively identify gaps in detection capabilities and develop/drive remediation strategy to address current gaps
  • Develop and implement a testing/exercise strategy to ensure existing threat use cases are operating as intended
  • Identify opportunities to implement automated response/triage through SOAR platform where feasible
  • Ensure all regulatory requirements for security logging and monitoring and required threat use cases are being met
  • Work closely with other service lines and product managers to ensure new security technologies are integrated into the threat use case library
  • Conduct business use case modelling sessions with senior business and application stakeholders to identify threat scenarios specific to their business and implement respective detect/prevent capabilities


Our Ideal Candidate


The ideal candidate has experience and strong domain knowledge/expertise in security operations, preferably served in a SOC, Threat Intelligence, or Red team role. Candidates with domain knowledge and experience in red/blue team capacity and/or are familiar with Tactics, Techniques and Procedures (TTP) leveraged by adversaries are desired. Experience conducting threat modelling sessions across security operations or other technology and business teams to identify potential risks specific to the business. Certifications such as OSCP, GREM, GPEN, GCFA are helpful, but not required.
  • At least 10 years experience in technology, with 6+ years in cyber security operations (e.g., SOC, Threat Intelligence, Hunt, Forensic) with a good understanding of incident response
  • Understanding of technology business risk(s) inherent to the financial industry and the ability to translate/communicate risk into threat use cases/scenarios
  • Experience developing custom security content/rules in SIEM Platforms
  • Experience working with senior business and application stakeholders to identify threat scenarios and implement relevant protect/detect capabilities
  • Extensive experience with security tool stack (e.g., endpoint, web, proxy, SIEM, network) and how they fit into detection capabilities
  • Familiarity of relevant logs sources and required configurations across multiple operating systems, network devices, cloud required to achieve threat use cases
  • Experience coordinating, leading, and conducting threat scenario based exercises across red/blue teams to ensure threat use cases and detection maturity is continuously tested and refined
  • Strong understanding of Mitre Att&ck and how it can be leveraged
  • Experience with Yara, Snort, and parsers
  • Strong understanding of cloud facing services (e.g., AWS, Azure, Google)
  • Understanding of how threat intelligence fits into the threat detection strategy
  • Experience integrating user behavioural analytics into detection strategy and integrating SOAR capabilities in the SIEM platform(s)
  • Experience working in a heavily regulated environment, preferably in the finance sector
  • Excellent communicator with strong interpersonal skills tailored to the relevant audience
  • Able to manage senior stakeholder expectations with a keen sense of what is realistic and achievable in a large complex environment
  • Ability to work across functional teams to incorporate security products into SIEM
  • Proactive self-starter, takes ownership for issues and drives remediation with excellent problem analysis skills and solution synthesis
  • Stays abreast of latest happenings in technology and relation to cyber security

Apply now to join the Bank for those with big career ambitions.