Market & Treasury Credit Risk

Website Emirates NBD

Job Description:

The Cloud Security specialist role is responsible for effectively detecting, responding to, and mitigating threats targeting Emirates NBD’s cloud infrastructure and data. They will also act as standby resources for conducting the incident processes to ensure they are well drilled and effective. The role also maintains acceptable cyber hygiene levels and ensures the goals of the unit are met.

Job Responsibilities:

  • Utilize threat intelligence sources and security data to detect cloud-specific threats such as misconfigurations, account compromises, and privilege escalation.
  • Use both manual and machine-assisted techniques to find the Tactics, Techniques and Procedures of advanced adversaries.
  • Trace attacker paths and detect suspicious patterns of threat actors.
  • Research innovative methods for making Threat Hunting more efficient and effective.
  • Utilize digital forensics tools and techniques to perform in-depth analysis of compromised cloud instances, identifying attack vectors and post-incident indicators.
  • Develop acquisition and processing workflows to acquire and process cloud forensic artefacts.
  • Employ automated incident triage solutions to quickly assess the severity and impact of security alerts, prioritizing critical incidents for immediate response.
  • Execute incident response playbooks tailored to different cloud attack scenarios, ensuring the proper sequence of actions during each phase of incident handling.
  • Swiftly contain and isolate affected cloud resources to prevent further spread of the attack and conduct thorough investigations to identify the root cause of the incident.
  • Ensure the relevant documentation is kept up to date at all times.
  • Proactively identify gaps and remediate them to keep observations from Auditors and Regulators to a minimum.
  • Help the CSIRT during security incidents.
  • Ensure that peers maintain quality.
  • Coach, guide and mentor peers to ensure quality delivery.
  • Assist security team members in decision making when it comes to security incidents.
  • Guide peers during conflicts within the team.
  • Guide the team and self with up-to-date and highest-level technical acumen.
  • Suggest new solutions to improve the Security Monitoring posture of the Group.
  • Conduct PoCs for new technologies which could help uplift the level of Security within the Group.
  • Deploy machine learning-based anomaly detection to identify unusual user behaviors and potential account compromises within cloud environments.
  • Implement serverless security monitoring solutions to detect potential threats targeting serverless functions and ensure secure serverless application development.
  • Continuously review and enhance cloud security monitoring strategies, taking into account the evolving threat landscape and the cloud environment’s changes.
  • Leverage CASB solutions to monitor and control data access and movement between cloud services and users, mitigating insider threats and unauthorized activities.
  • Conduct regular audits of Identity and Access Management (IAM) configurations, ensuring proper access controls and permissions across cloud resources.

Job Requirements:

  • Expert understanding of a company’s business processes, technology and information systems.
  • Must have knowledge of application and infrastructure security threats and mitigating measures.
  • Deep knowledge of all aspects of Information Security concepts from a broad range of technical and non-technical areas.
  • Good negotiation skills will be desirable.
  • Ability to understand regulatory requirements and process efficiency frameworks.
  • Ability to understand the details of ground-level security issues and their management.
  • Good hands-on experience with traditional infrastructure technologies that involve perimeter protection, core protection and end-point protection/detection.
  • Proficiency in designing and implementing cloud security architectures with a comprehensive understanding of network segmentation, secure gateway configurations, and application security controls.
  • Expertise in setting up robust cloud monitoring and logging solutions, utilizing tools such as CloudWatch and Azure Monitor for continuous monitoring of cloud resources. Proficient in creating custom alerts and integrating with incident management platforms for timely response.
  • Proven ability to implement runtime security measures, utilizing container security solutions like Kubernetes RBAC, Pod Security Policies, and image scanning to ensure the integrity and security of applications during runtime.
  • Proficiency in integrating security seamlessly into the CI/CD pipeline, leveraging tools like Jenkins, GitLab, and GitHub Actions for automated security testing and vulnerability assessments.
  • Adept at configuring granular IAM policies, implementing role-based access controls, and integrating Identity Providers (IdPs) to facilitate Single Sign-On (SSO) for heightened access control.
  • In-depth understanding of cloud compliance frameworks, including GDPR, HIPAA, and PCI-DSS. Proficient in mapping controls, conducting compliance audits, and producing documentation for certifications.
  • Proven expertise in devising incident response plans, developing Security Operation Center (SOC) playbooks, and utilizing advanced SIEM solutions for real-time threat detection and response.
  • Knowledge of current adversary techniques, vulnerability disclosures, data breach incidents, and security analysis techniques.
  • Penetration testing experience is desirable. Must be able to understand and mitigate security issues that relate to applications.
  • Takes responsibility and ownership for the security of projects that are assigned to them.
  • Should have good project management & execution skills with respect to tasks and ensure completion.
  • Process oriented skills are advantageous.
  • Experience with technologies/concepts such as OAuth, AI, Blockchain, Robotics, SecDevOps, SAML, OWASP Top 10.
  • Ability to monitor and enforce improvements when necessary, in line with regulatory requirements or best practices.
  • Good knowledge of risk management frameworks and how to identify, manage and mitigate risk.
  • Ability to create and review security policies, standards, procedures and hardening baselines.
  • Strong understanding of the cloud technology stacks for Microsoft Azure, Amazon AWS, Google Cloud Platform and Oracle Cloud.
  • Strong grasp of SecDevOps practices.

Job Details:


Company: Emirates NBD

Vacancy Type: Full Time

Job Location: Dubai, UAE

Application Deadline: N/A

To apply for this job please visit www.linkedin.com.

