The purpose of the "Cyber Defence" team is to prepare for and respond to unauthorized cyber activity. This is done by providing the following services:
Proactive - support & intelligence to help prepare and secure bank systems in anticipation of cyber-attacks where threat management ensures collection, assessment and sharing of threat information.
Reactive - triggered by a request / incident / event identified by an intrusion detection system or reported by a human.
To support those services, the client is looking for a Security Logging & Monitoring Expert to perform the activities outlined below. The Expert represents both the different stakeholders and the internal client's voice by identifying their expectations, preferences and aversions, which he translates into business requirements. The Expert must ensure that the engineering team fully understands the products, as well as their progress.
The expert is responsible for defining stories, prioritizing the backlog and organizing the execution of operational priorities, while maintaining the conceptual and technical integrity of the features / user stories. The expert has a significant role in quality and is empowered to judge if stories are finalized or not.
More specifically the Security Logging & Monitoring Expert is:
Responsible for translating the Cyber Defence vision and strategy into a target operating model and processes for the Security Logging & Monitoring capabilities.
Communicates the Security Logging & Monitoring target operating model and processes effectively to key stakeholders and Cyber Defence team members.
Incorporates stakeholder input into product roadmap while effectively negotiating priorities based on value to the company.
Works day to day with stakeholders and different IT teams clarifying requirements, removing roadblocks, constantly communicating and gaining alignment around the Security Logging & Monitoring capabilities.
Ensures delivery of Security Logging & Monitoring yearly roadmap, partners with delivery teams to ensure deliverables are clear, removes barriers for Cyber Defence team members and resolves open issues/questions quickly and efficiently.
Sets the quality standard for delivery. Develops test plans and monitors user story acceptance criteria, reviews each deliverable, provides feedback to the team and improves team processes.
Leads problem resolution as needed to ensure a prompt and efficient service.
Responsible for Security Logging & Monitoring key performance indicators (KPIs).
Applicative Security logging & monitoring:
Have a good understanding of the business context of banking applications (API, Payments).
Be able to translate a complex applicative ecosystem, distributed across many layers, devices, data flows and applications, together with the relevant threat factors (actors, attack techniques, attack tools, etc.), into the set of detection conditions (an event, a log source, a detection logic) required to develop effective applicative detection use cases.
Improve and maintain the applicative use case creation and maintenance methodology, which takes into account the elaborate relationships among all actors involved, both locally and in the BNPP Group.
Mandatory experience (demonstrate general knowledge of most of the following, with deep understanding in at least one or two areas)
Strong knowledge of IT security technology and processes (secure networking, web infrastructure, system security, SOC tooling, etc.);
Experience building a SOC-related framework: target operating model, roles, processes;
Experience with processes in a SOC or CSIRT environment;
Experience setting best-practice quality controls over SOC processes;
Knowledge of applicative security ecosystem.
Preferable
Knowledge of the architecture of banking applications;
Knowledge of log aggregation, SIEM solutions and digital analytics platforms such as Splunk, ArcSight, ELK, etc.;
Knowledge of web application security development (OWASP).