Deutsche Bank

Threat Detection & Response Analyst

Romania · Full-time · Mid-Senior

DB Global Technology is Deutsche Bank’s technology center in Central and Eastern Europe. Opened in January 2014, the Bucharest office is constantly expanding.

The team is made up of enthusiastic professionals who work in an international environment, adapting to different contexts and learning new technologies and parts of Deutsche Bank’s businesses.

Every day we look at what needs to be done to support continuous business and how to improve current activities. Changing the Bank is a challenging endeavour which we tackle every day, and we enjoy our success when our efforts fundamentally change how Deutsche Bank works.


The Threat Detection & Response Analyst works within the Security Operations Center (dbSOC), which is set up within a Follow-The-Sun model. He/She is responsible for the monitoring, detection and analysis of information security events and incidents.

Additionally, he/she acts as a specialist for information security incident response processes to protect the Bank, its partners, and clients from any potential loss. Besides operations tasks, he/she will support the evaluation and adjustment of processes, tools, and reporting. The objective is to identify and close gaps in event detection, as well as to improve the detection, analysis, and response of security events, ideally in an automated way. The focus is on events in the area of network, endpoint and cloud security (GCP/Chronicle and Microsoft Azure/Sentinel).


Responsibilities

  • Handling security events from multiple channels such as the monitoring tools and the Cyber Security Hotline & Mailbox
  • Monitoring, detection, and analysis of security-relevant events, including response and documentation. Conduct/contribute to risk assessments to evaluate the criticality of information security events.
  • Opening tickets for documentation, further actions, and follow-ups
  • Supporting the triage and enrichment of alert data and improving detection use cases
  • Improvement of the current threat detection capabilities, ideally via automation of standard processes
  • Working in the daily operations, within defined processes and related SLAs
  • Supporting the entire SOC team with your security expertise and process know-how


Skills

  • Solid background and good understanding of enterprise technologies, with a focus on security devices, network engineering, operating systems, databases, and security configurations at the application level
  • Experience with analyzing system logs including network traffic logs, payload, event logs, application logs, firewall logs, Active Directory etc.
  • Experience with Security Incident and Event Management (SIEM) systems. Ideally experienced with Splunk, GCP Chronicle, and/or Microsoft Sentinel.
  • Cyber security expertise and familiarity with incident response.
  • Good knowledge of the current threat landscape and attack scenarios/tactics, as well as containment and protection measures; familiar with the MITRE ATT&CK framework.
  • Good knowledge of cloud security, ideally on Google Cloud and/or Microsoft Azure.

Key Skills

cloud, cloud security, incident response, active directory, cyber security, firewall, splunk, siem, gcp
Posted: Apr 03, 2025
Type: Full-time
Level: Mid-Senior
Location: Bucharest
Industries: Financial Services
Categories: Information Technology
