Cyber Security Investigator and Threat Hunter

Are you passionate about threat hunting and cyber security investigation?

With us you have the opportunity to:

  • Play a critical role in ensuring security incidents never happen (again) by working together with the rest of the bank. You will help protect us every single day and you make us better, day in and day out
  • Be a part of Swedbank's Cyber Defense Center that protects the bank against cyber attacks. We have tools and services that identify potentially divergent behaviors that suggest infringement or violation of our internal policies based on Behavioral Analysis, Data Analysis and Data Correlations
  • As an analyst in our team, you will be primarily responsible for developing, providing and implementing use cases for this tool
  • Conduct workshops together with our information security managers and officers to identify which behaviors may indicate infringement or violation of regulations and how to detect them. You transform this knowledge into use cases, which include mappings to machine learning models and rules that form the basis for the use case
  • You ensure that log data contained in the Security Information and Event Management (SIEM) System is complete, not redundant, and meets the quality requirements that exist for models and rules to be implemented with a low degree of false positives
  • Work with the business areas and their developers, in conjunction with our security architects, so that everything needed in log data to detect deviant behaviors is in place. As part of the use case work, you work with our Security Operations Center and the Computer Security Incident Response Team to describe how alarms should be handled and how the tool helps to quickly implement cyber incident management and threat hunting
  • Work closely with the team that manages the operation of the tool and ensures that data parsing is done correctly. Together with our teams within Threat Intelligence and Threat Hunting, you develop and implement new cyber security use cases that address new and changing behavior of external opponents. You are also responsible for the life cycle of these use cases
  • Since cyber criminals do not keep business hours the job includes on-call duties on a scheduled and rotating basis. The frequency is less than one week per month

What you need in this role:

  • This role involves handling very sensitive cases which require access to a lot of personal and confidential information. Therefore, we will put a lot of effort into assessing your personality during the recruiting process
  • We like to see that you exhibit a high level of personal integrity and personal responsibility
  • We like to see that you work well under pressure, while remaining cool and focused. We also like to see that you can multitask, handling different tasks in parallel as an incident develops
  • Long experience with IT incident response, operations or engineering is required
  • Since understanding what cyber criminals do in our IT environment is like searching for a needle in a haystack, and the haystack consists of all the different IT systems in the Bank, we like to see that you are intimately familiar with a few of these systems. The work is deeply technical, and you need to be comfortable around a command line and log files
  • The total set of skills which the SIRT needs is listed below, and you contribute to it in two or more areas. Even if you are not a security aficionado today, but aim to become one, your core skills in these areas may make you the perfect candidate:
    • IT systems within one or more verticals in the Bank, such as digital banking, payments in general and cards in particular, core banking, etc
    • Windows incl. PowerShell scripting
    • Linux and Unix incl. scripting
    • Log analysis, with a deep knowledge of log contents, their meaning, SIEM and UEBA tools and how to search for and identify suspicious patterns in them
    • Big data analysis, statistics, R, machine learning algorithms, mathematics
    • Threat hunting
    • Cloud security (private and public)
    • Malware analysis and reverse engineering
    • Software development (e.g. Java and Python) and API threat analysis, incl. custom tool development
    • Threat intelligence
    • Computer forensics
    • Networking and network security (incl. WiFi), such as routing/switching, firewalls, IDS/IPS and network traffic analysis
    • Behavioral Analysis

"Join our team and ...

... be a part of an engaging environment where you will work closely together with highly skilled, ambitious and experienced colleagues who will help and push you to the next level. You will work in an international organization adopting new technologies at an early stage and be part of interesting and challenging projects. Your work will be widely used both by the organization and external clients. I truly believe in the collaboration, teamwork and team spirit – it is the key to success. We need to enjoy what we do! For me, it is important to have a work environment where you feel your importance, have the possibility to grow as a person and at the same time have fun." Yakup Güneyli, your future leader

We look forward to your application at the latest 03.12.2020. 

Location: Tallinn, Stockholm

Contacts  

Recruiting manager: Yakup Güneyli +372 53 329 800

Career Specialist: Johanna Elisabeth Taalmann (johanna.taalmann@swedbank.ee)

We may begin the selection during the application period, so we welcome your application as soon as possible.

Nothing of interest for you – recommend the job to a friend!

We have made our choice regarding recruitment media and therefore kindly decline contact with ad sellers or sellers of other recruitment services.

Swedbank does not discriminate against anyone based on gender, age, sexual orientation or sexual identity, ethnicity, religion or disability – everybody is welcome.

Workplace and culture

We are about 15 000 colleagues working mainly in Sweden, Estonia, Latvia and Lithuania.

Working together is important to us. We achieve the best results when we learn from each other and use our values Open, Simple, Caring to guide us every day.

We believe in diversity and inclusion and show this by treating customers and colleagues in the same respectful way.
