Emirates NBD
Specialist – Cyber Security Cloud Operations
Emirates NBD | United Arab Emirates | 2 days ago
Full-time | Information Technology

COMPANY INTRODUCTION


Emirates NBD is a market leader across the MENAT (Middle East, North Africa and Türkiye) region with a presence in 13 countries, serving over 20 million customers. The Emirates NBD Group has a total of 853 branches and 4,213 ATMs / SDMs. Emirates NBD is the leading financial services brand in the United Arab Emirates, with a brand value of USD 3.89 billion.


At the bank, we serve our customers and help them realize their financial objectives through a range of banking products and services including retail banking, corporate & institutional banking, Islamic banking, investment banking, private banking, asset management, global markets and treasury, and brokerage operations.


The Group Information Security function was formed to ensure that Emirates NBD information and data are resilient against external and internal security threats, to embed an information security mindset as a core element of the organization's business strategy, and to provide an independent and objective view of Emirates NBD's security posture to the management committees. The unit exists to provide a secure banking environment for our customers and employees.



JOB PURPOSE


The Specialist - Cyber Security Cloud Operations role is responsible for effectively detecting, responding to, and mitigating threats targeting Emirates NBD’s cloud infrastructure and data. The role holder will also act as a standby resource for conducting the incident processes to ensure they are well drilled and effective, maintain acceptable cyber hygiene levels, and ensure the goals of the unit are met.


Cloud Security

  • Continuously monitor cloud environments using security tools and services to detect potential intrusion attempts, data exfiltration, lateral movement, and unauthorized access.
  • Utilize Security Information and Event Management (SIEM) tools to collect and analyze logs from various cloud services, identifying potential security incidents and abnormal patterns.
  • Develop custom detection rules and queries to identify cloud-specific threats, such as API abuse, unauthorized resource provisioning, and data exfiltration.
  • Address cloud-specific attack vectors, such as identity and access management (IAM) issues, insecure API configurations, and data exposure due to misconfigured storage services.
  • Implement container security monitoring solutions to ensure the integrity and security of containerized applications running in cloud environments.
  • Utilize API security tools to monitor and protect cloud APIs from abuse, unauthorized access, and injection attacks.
  • Deploy honeytokens and deception technology to lure and detect attackers attempting to exploit fake assets in the cloud.
  • Deploy machine learning-based anomaly detection to identify unusual user behaviors and potential account compromises within cloud environments.
  • Implement serverless security monitoring solutions to detect potential threats targeting serverless functions and ensure secure serverless application development.
  • Continuously review and enhance cloud security monitoring strategies, taking into account the evolving threat landscape and the cloud environment's changes.
  • Leverage CASB solutions to monitor and control data access and movement between cloud services and users, mitigating insider threats and unauthorized activities.
  • Conduct regular audits of Identity and Access Management (IAM) configurations, ensuring proper access controls and permissions across cloud resources.


Threat Hunting

  • Proactively search for signs of unauthorized activities, persistent threats, and advanced attack techniques within cloud environments using threat hunting methodologies.
  • Utilize threat intelligence sources and security data to detect cloud-specific threats such as misconfigurations, account compromises, and privilege escalation.
  • Use both manual and machine-assisted techniques to find the Tactics, Techniques and Procedures of advanced adversaries.
  • Trace attacker paths and detect suspicious patterns of threat actors.
  • Research innovative methods for making Threat Hunting more efficient and effective.


Digital Forensics

  • Utilize digital forensics tools and techniques to perform in-depth analysis of compromised cloud instances, identifying attack vectors and post-incident indicators.
  • Develop acquisition and processing workflows to acquire and process cloud forensic artefacts.


Incident Management

  • Employ automated incident triage solutions to quickly assess the severity and impact of security alerts, prioritizing critical incidents for immediate response.
  • Execute incident response playbooks tailored to different cloud attack scenarios, ensuring the proper sequence of actions during each phase of incident handling.
  • Swiftly contain and isolate affected cloud resources to prevent further spread of the attack and conduct thorough investigations to identify the root cause of the incident.
  • Maintain clear and timely communication with stakeholders, providing updates on incident investigations, impact assessments, and recommended countermeasures.
  • Perform detailed post-incident analysis to understand attack vectors, tactics, techniques, and procedures (TTPs) employed by threat actors, enabling better defense against future attacks.
  • Help meet SLAs defined for Incident Management.
  • Prepare and provide relevant reports for identified incidents.
  • Ensure the relevant documentation is kept up to date at all times.
  • Proactively identify gaps and remediate them to keep observations from Auditors and Regulators to a minimum.
  • Help the CSIRT during security incidents.


Team Management

  • Ensure that peers maintain quality.
  • Coach, guide and mentor peers to ensure quality delivery.
  • Assist security team members in decision making when it comes to security incidents.
  • Guide peers during conflicts within the team.
  • Guide the team and self with up-to-date and highest-level technical acumen.


Project Management

  • Suggest new solutions to improve the Security Monitoring posture of the Group.
  • Conduct PoCs for new technologies which could help uplift the level of Security within the Group.
  • Run security projects end to end where necessary.



KEY REQUIREMENTS


Education

  • ESSENTIAL: Bachelor's degree in a computer-related field such as Computer Science, Management Information System or Information Science or Mathematics
  • DESIRABLE: Master’s degree in Business Administration, Information Security, Human Resource Management, Finance or International Business or Executive Education from reputed institutes like Harvard


Certifications

  • ESSENTIAL: CCSP, GCLD, GCFR, GCSA, GCPN, GPCS, GCTD, GWEB or other relevant cloud security certifications (Azure, AWS, Oracle)
  • DESIRABLE: GCTI, GCFA, GNFA, GREM, GCIH, GCFA, OCSP


Experience

  • 3 years of experience in cloud security, cyber hunt, or other technical Information Security positions.
  • 7 years of Technology experience (overall)


Key Skills

  • Strong understanding of the cloud technology stacks for Microsoft Azure, Amazon AWS, Google Cloud Platform and Oracle Cloud
  • Strong grasp of SecDevOps practices
  • Should be able to conduct Digital Forensics and Malware Assessments
  • Multiple operating systems, such as Windows, Linux/Unix, and Mac/OSX
  • Scripting (Shell/Python/R/etc.) / Programming in support of data analysis
  • Superior written and verbal communication skills in order to effectively communicate security threats and recommendations to technical or non-technical stakeholders
  • Good hands-on experience with traditional infrastructure technologies that involve perimeter protection, core protection and end-point protection/detection
  • Penetration testing experience is desirable. Must be able to understand and mitigate security issues that relate to applications.
  • Takes responsibility and ownership for the security of projects that are assigned to them
  • Should have good project management and execution skills and ensure tasks are completed.
  • Process-oriented skills are advantageous.
  • Experience with technologies/concepts such as OAuth, AI, Blockchain, Robotics, SecDevOps, SAML, OWASP Top 10.



WHY JOIN US?


We aspire to be an employee’s employer of choice. We believe we can help you realize your true potential by providing the right opportunities. At Emirates NBD we are reimagining the future of work so that you can unlock your potential every day. We want to ensure every employee can excel in the future of work by upskilling and building new digital skills and knowledge. Our goal is to empower our employees to build the career experiences and skills they need in the future, which will produce a great outcome for our bank as well. We want our employees, no matter their background, location or preferences, to feel engaged as one Emirates NBD team.


We encourage interested candidates to review the key responsibilities and qualifications for each role and apply for any positions that match their skills and capabilities. ENBD is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment; however, due to the high volume of applicants, only SHORTLISTED candidates will be contacted.
