IT Analyst (Security)


Job Description

About the Role

The Senior IT Analyst (Security) will be responsible for reviewing, administering, tracking, and remediating potential security incidents across the bank. A successful candidate will be detail-oriented, have a strong interest in system and network security, and want to be a member of a teamwork-oriented organization. Daily responsibilities will focus on security operations tasks (maintaining availability, vulnerability scanning, log analysis, incident response, and investigation). Interaction with the various operations teams to validate and remediate security incidents, with a focus on service, is key to the overall corporate security program.

Scope of Work/Responsibilities

Specific tasks and service requirements performed on a daily basis.

1. Security Event Analysis, Incident Management

- Analyze and respond to security events from SIEM, EDR, NDR, and other systems.

- Manage incident detection and triage for intrusion attempts, breaches, and malware infections.

- Conduct phishing analysis, manage suspicious emails, and review quarantined emails/files before release.

2. Threat Analysis

- Conduct malware analysis, threat hunting, and share indicators of compromise with stakeholders.

3. Cyber Security Operations Collaboration:

- Participate in roundtable discussions to share insights, discuss notable incidents, and improvements.

- Communicate and discuss requests received by ITOD-CS and other ITD teams.

- Provide input for system fine-tuning and noise reduction.

4. Incident Metrics and Monitoring:

- Conduct reviews of Open Promoted Incidents to ensure alignment with defined reference values, contributing to the overall Cyber Security Operations Team performance.

- Contribute to the identification and resolution of aging incidents, ensuring healthy metrics in terms of quality and quantity, such as keeping the Mean Time to Closure (MTTC) below the agreed-upon threshold.

5. Security Monitoring and Infrastructure Management:

- Monitor the availability of security systems and ingestion from log sources.

- Assist with workstations, software, and file scanning or other end-user security concerns.

- Help maintain Endpoint Detection and Response (EDR) policies and server application whitelisting.

6. Process Documentation and Automation:

- Document and automate security processes, and support SOAR efforts.

7. Collaboration and Communication:

- Coordinate with team members and the MSSP for incident resolution, fine-tuning, and noise reduction.

- Collaborate with the reporting line and ITOD-CS on compliance management, data security, security architecture, cyber hygiene, risk governance, security audits, and operational support for incident response, such as brand protection, phishing investigations, and USB unblocking.

- Collaborate with the vulnerability management effort, especially in the dissemination and reporting of findings.

8. Continuous Improvement and Reporting:

- Stay updated on security trends, translate insights into actionable improvements, and provide training and mentoring to colleagues.

- Escalate or report significant security detections to the reporting line, including notable events, alerts, or threats that are not normally generated, detections concerning VIPs, and other notable findings.

Requirement and Qualification (Education & Work Experience)

This section describes the knowledge, skills, and abilities required to perform the daily tasks and duties listed above.

Qualifications:

Bachelor's degree in Computer Science or a similar field.

Effective oral and written communication skills, with strong issue resolution, negotiation, critical thinking, and analytical capabilities.

Experience in Linux, Windows, or network troubleshooting.

Familiarity with the following technologies: Windows, Linux, and Active Directory (e.g., GPOs and security event logs).

Experience and knowledge working with cloud and virtualization environments.

Microsoft Azure and/or AWS certifications are strongly preferred.

One or more IT certifications for OS platforms and security, such as Windows Server Certified, Security+, CEH, Linux OS Certified, Azure, or AWS.

Job ID: 140211433