Emirates NBD
Manager - Threat Intelligence
Emirates NBD | United Arab Emirates | 2 days ago
Full-time | Information Technology

COMPANY INTRODUCTION


Emirates NBD is a market leader across the MENAT (Middle East, North Africa and Türkiye) region with a presence in 13 countries, serving over 20 million customers. The Emirates NBD Group has a total of 853 branches and 4,213 ATMs / SDMs. Emirates NBD is the leading financial services brand in the United Arab Emirates with a Brand value of USD 3.89 billion.


At the bank, we serve our customers and help them realize their financial objectives through a range of banking products and services including retail banking, corporate & institutional banking, Islamic banking, investment banking, private banking, asset management, global markets and treasury, and brokerage operations.


The Group Information Security function was formed to ensure that Emirates NBD information and data are resilient against external and internal security threats, to embed an information security mindset as a core element of the organization's business strategy, and to provide an independent and objective view of Emirates NBD's security posture to the management committees. The unit exists to provide a secure banking environment for our customers and employees.



JOB PURPOSE


The Manager - Threat Intelligence is responsible for managing cyber intelligence collection, analysis, dissemination and correlation combined with effective reporting for senior management.


They will also act as a standby resource for managing the incident processes to ensure they are well drilled and effective, maintain acceptable cyber hygiene levels, and ensure the goals of the unit are met.


Threat Intelligence

  • Collect and analyze open-source intelligence (OSINT)
  • Develop technical expertise on threat actors, attack trends, and attack tactics, techniques, and procedures (TTPs).
  • Draft, edit, and review threat intelligence analysis from multiple sources
  • Manage vendor relationships
  • Develop intelligence on, characterize, and track threat actors’ activities, ranging from tactical level capabilities to global operations
  • Produce intelligence reporting (ranging from short to longer reports) on threat and threat actor activities
  • Maintain current knowledge of tools and best practices in advanced persistent threats, and of the tools, techniques, and procedures (TTPs) of threat actors
  • In collaboration with other members on the team, identify and hunt for related TTPs and Indicators of Compromise (IOCs) across all internal/external repositories
  • Correlate collected intelligence, to build upon a larger knowledge base of tracked threat activity
  • Provide both technical and executive level intelligence briefings / presentations
  • IOC collection and management


Incident Management

  • Lead the investigation and/or containment teams during an incident.
  • Present technical findings (investigative or otherwise) to senior management.
  • Prepare and meet SLAs defined for Incident Management.
  • Prepare and provide relevant reports for identified incidents.
  • Prepare and maintain relevant documentation for Incident Management.
  • Ensure the relevant documentation is kept up to date at all times.
  • Proactively identify gaps and remediate them to keep observations from Auditors and Regulators to a minimum.


Security Monitoring

  • Assist in the Cyber Security Monitoring Operations of the Bank.
  • Keep up to date on the latest security threats and feed them into the Monitoring Operations to help ensure they are proactively detected and mitigated in the Bank.
  • Assist in the timely reporting of Security incidents to relevant stakeholders.
  • Assist in ensuring that monitoring is continuous, covering 24/7 operations.
  • Assist in the preparation and maintenance of relevant documentation for Cyber Security team.
  • Highlight gaps and recommend sound security practices to improve the monitoring.
  • Be a cost-effective solutions provider for security gaps.


Threat Hunting

  • Proactively and iteratively search through networks and datasets to detect advanced threats that evade automated tools.
  • Use both manual and machine assisted techniques to find the Tactics, Techniques and Procedures of advanced adversaries.
  • Trace attacker paths and detect suspicious patterns of threat actors.
  • Research innovative methods for making Threat Hunting more efficient and effective.
  • Develop processes and procedures for conducting continuous threat hunting as per industry best practices.
  • Collaborate to enhance the wider team’s operational/tactical intelligence products and to leverage them for targeted hunts.
  • Provide corrective recommendations to enhance any identified gaps in visibility and detection.


People Management

  • Ensure that security SMEs reporting to this role maintain quality.
  • Coach, mentor and manage security SMEs to ensure quality delivery
  • Assist security engineers in decision making when it comes to security incidents.
  • Manage conflicts within the team.
  • Identify and ensure that the team and self are kept up to date with the highest level of technical acumen.


Project Management

  • Suggest new solutions to improve the Security Monitoring posture of the Group.
  • Conduct PoCs for new technologies which could help uplift the level of Security within the Group.
  • Run security projects end to end where necessary.



KEY REQUIREMENTS


Education

  • ESSENTIAL: Bachelor's degree in a computer-related field such as Computer Science, Management Information System or Information Science or Mathematics
  • DESIRABLE: Master’s degree in Business Administration, Information Security, Human Resource Management, Finance or International Business or Executive Education from reputed institutes like Harvard


Certifications

  • ESSENTIAL: GREM, GCIH, GCFA, OSCP, EnCE, CISSP


Experiences

  • 5 years of experience in Cloud Security, Cyber Hunt, or other technical Information Security positions.
  • 7-10+ years of Technology experience (overall)


Key Skills

  • Cyber Threat Intelligence technologies (Threat Intelligence Platforms (TIPs), malware analysis platforms, Maltego, etc.)
  • Familiarity with investigative tools and techniques such as host and network-based analysis tools, forensic tools (EnCase, Paraben, etc.), and volatile memory analysis techniques.
  • Multiple operating systems, such as Windows, Linux/Unix, and Mac/OSX
  • Scripting (Shell/Python/R/etc.) / Programming in support of data analysis
  • Big Data analysis experience (Hadoop/Tableau/MongoDB/etc.)
  • Superior written and verbal communication skills in order to effectively communicate security threats and recommendations to technical or non-technical stakeholders
  • Good hands-on experience with infrastructure technologies that involve perimeter protection, core protection and end-point protection/detection
  • Penetration testing experience is desirable. Must be able to understand and mitigate security issues that relate to applications.
  • Takes responsibility and ownership for the security of projects that are assigned to them
  • Should have good project management & execution skills with respect to tasks and ensure completion
  • Process-oriented skills are advantageous
  • Coding & Programming skills are mandatory. (Primarily Python Coding)
  • Experience with technologies/concepts such as OAuth, AI, Blockchain, Robotics, SecDevOps, SAML, OWASP Top 10



WHY JOIN US?


We aspire to be an employee’s employer of choice. We believe we can help you realize your true potential by providing the right opportunities. At Emirates NBD we are reimagining the future of work so that you can unlock your potential every day. We want to ensure every employee can excel in the future of work by upskilling and building new digital skills and knowledge. Our goal is to empower our employees to build the career experiences and skills they need in the future, which will produce a great outcome for our bank as well. We want our employees, no matter their background, location or preferences, to feel engaged as one Emirates NBD team.


We encourage interested candidates to review the key responsibilities and qualifications for each role and apply for any positions that match their skills and capabilities. ENBD is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment; however, due to the high volume of applicants, only shortlisted candidates will be contacted.
