Description

Job location
Jeddah

Job summary
Collects and analyzes multi-source information about cybersecurity threats to develop deep understanding and awareness of cyber threats and actors’ Tactics, Techniques and Procedures (TTPs), and to derive and report indicators that help organizations detect and predict cyber incidents and protect systems and networks from cyber threats.

Proactively searches for undetected threats in networks and systems, identifies their Indicators of Compromise (IOCs) and recommends mitigation plans.

Monitor, validate, and report threat activities, and continuously ensure compliance with SAMA CSF, SAMA CTIP, and NCA-related controls.

Responsibilities
• Conduct research and analysis with regard to cybersecurity/information security threats.
• Track the status of requests for information in line with the organization's policies.
• Use knowledge of threat actor’s activities to inform the organization's response to a cyber-incident, and to build a common understanding of the organization's current cyber risk profile.
• Coordinate, validate, and manage the organization's cyber threat intelligence sources and feeds.
• Identify information gaps in threat intelligence and assess their implications for the organization.
• Prepare and deliver briefs on specific threats to the organization.
• Evaluate threat decision-making processes.
• Identify the principal threats to the organization's known vulnerabilities.
• Identify threat tactics and methodologies.
• Monitor and report changes in threat dispositions, activities, tactics, capabilities, and objectives.
• Monitor and report on validated threat activities.
• Monitor open-source websites for hostile content directed towards organizational or partner interests.
• Monitor and report on threat actor activities to fulfill the organization's threat intelligence and reporting requirements.
• Use expertise on threat actors and activities to support activities to plan and develop the organization's cybersecurity strategy and resources.
• Provide information and assessments of threat actors to assist stakeholders in planning and executing cybersecurity activities.
• Provide real-time cyber threat intelligence analysis and support during cybersecurity incidents and exercises.
• Monitor cyber threat intelligence feeds and report significant network events and intrusions.
• Provide current intelligence support to critical internal/external stakeholders as appropriate.
• Provide evaluation and feedback necessary for improving intelligence production, intelligence reporting, collection requirements, and operations.
• Provide timely notice of imminent or hostile intentions or activities that may impact organization objectives, resources, or capabilities
• Utilize the existing related security tools, SIEM, SOAR, EDR, NDR, Threat Management solutions, and Sandboxing, for your day-to-day activities and prepare the knowledge base articles for the investigation’s cases.
• Monitor and report on validated threat activities.
• Use packet analysis tools to validate intrusion detection system alerts.
• Provide timely detection, identification, and alerting of possible attacks, anomalous activities, and misuse activities and distinguish them from benign activities.
• Perform incident handling, event triage, network analysis, threat detection, trend analysis, metric development, and vulnerability information dissemination.
• Maintain an updated repository YARA & Sigma rules.
• Maintain an updated repository of sanitized IOCs.

Compliance
• Ensure compliance with SAMA CSF Framework, with regard to function-related domains/controls.
• Ensure compliance with SAMA Financial Sector CTIP Framework.
• Ensure compliance with NCA Frameworks, with regard to function-related domains/controls.
• Conduct reviews annually on function-related policies and procedures and provide corrective changes accordingly.
• Conduct GAP assessment regularly, to identify gaps, and recommend action plans for implementation.
• Defined Framework function-related KPIs and monitored them quarterly.
• Ensure the Frameworks-related domains/controls evidence folder is updated quarterly.
• Provide a report quarterly to the direct manager with regard to the Framework compliance status.
• On a monthly basis prepare a threat advisory based on “SAMA Guideline on Cyber Security Sharing of Incidents and Imminent Threats with SAMA” and “SAMA Threat Advisory guidelines” to the direct manager.

Qualifications
• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related discipline.
• Preferably (1-2) years of relevant post-qualification experience.