Reporting to the Head of Information Security Cyber Defense Operations. The threat defense operations manager is responsible for the creation of detection logic and the maintenance of data source containing information on indicators, correlations, and existing detection logic. The employee works closely with information security teams, Information Technology Department (ITD) and other business departments to identify data sources, develop use cases, and advise on SIEM configuration.

Key Accountabilities of the role:

  • Develop and maintain an understanding of the current vulnerabilities, response, and mitigation strategies used in in ADIB's cyber defense operations
  • Work closely with ITD to review alerts generated by detection infrastructure, specifically false positive alerts
  • Analyze threat information gathered from internal and external sources such as generated logs, Intrusion Detection Systems (IDS), intelligence reports from Cyber Threat Intelligence, and relevant vendor site
  • Continually analyse security stack and gather log ingestion feedback to discover gaps and prioritize detection needs
  • In collaboration with other members of information security, identify and hunt for threat actor groups, related tools, techniques, and procedures (TTPs) and Indicators of Compromise (IOCs)
  • Prioritize detection needs and identify improvement areas
  • Create detection logic tailored to the Group threat landscape using industry-specific intelligence and developed use cases in the form of threat rules and signatures
  • Work closely with ITD to add data sources and advise on SIEM configuration
  • Operationalize the identified Indicator of Compromise by testing, and overseeing the deployment of SIEM monitoring and alerting rules
  • Support Cyber Threat Intelligence and IS Risk Management teams by providing them with the adequate threat landscape context to be reflected within group threat and risk management activities
  • Maintain the data source catalog containing information on indicators, correlations and existing detection logic
  • Work with Threat Analysts to identify and recommend new internal and external data sources to leverage for developing additional threat detection logic
  • Monitor existing detection logic for efficacy and decommission/age-off rules after testing

Specialist Skills / Technical Knowledge Required for this role:

  • Knowledge of banking processes and modus operandi
  • Strong knowledge in information security processes, services, and systems
  • Strong knowledge of threat hunting techniques, zero-day exploit activities, and malware identification
  • Strong knowledge of network monitoring and network exploitation techniques
  • Strong knowledge of SIEM configuration requirements and logic
  • Good understanding of network protocols and web application attacks
  • Knowledge of ISO 27001, NESA, PCI DSS, SWIFT and other security standards and regulations
  • Bachelor's degree in Computer Science, Engineering, IT, or a related technical discipline
  • Professional certification such as Security+, CEH, GCIA, GCIH, CISSP

Previous Experience:

  • More than 7-9 years of experience in performing information security threat hunting in large international banks or financial institutions
  • Experience with scripting/programming, exploitation techniques and use case development
  • Experience with common attack vectors and IOC datasets
  • Experience with SIEM configuration logic development


0 - 0 AED

Monthly based


Abu Dhabi Emirate , United Arab Emirates

Job Benefits
Coworking budget
Job Overview
Job Posted:
1 month ago
Job Type
Full Time
Job Role
Bachelor Degree
10+ Years
Total Vacancies

Job Tags:

Share This Job:


Abu Dhabi Emirate , United Arab Emirates