Description

Today, fraud in our country is reaching the scale of a national disaster – resulting in billions in annual losses for citizens. At Sber, ensuring the security of clients' funds is one of the priority areas, and for several years now the Bank has been successfully addressing all challenges in the sphere of social engineering. In 2025, fraud amounting to over 368 billion rubles was prevented. To protect its clients, Sber uses a unique fraud monitoring system that identifies 99.9% of all fraud attempts.

We are a team of experts providing 24/7/365 online/offline security for millions of the Bank's clients. Through in-depth analytics, prompt decisions, and the cohesive actions of our team, we effectively identify risks to the security of our products. A proactive approach, combining technology and expertise, helps not only to prevent fraud but also to strengthen customer trust. We conduct large-scale work to improve the cyber literacy of the population, turning each user into an aware and prepared defender of their assets.

In the context of rapid digitalization and the increasing sophistication of fraudulent schemes, the effective work of the team directly depends on its comprehensive development and the recruitment of professionals. If you are looking for a job where you can influence the security of our products and educate people on protecting their finances, join us!

Responsibilities

• Conducting internal cybersecurity investigations: from analyzing internal incidents and phishing attacks to identifying and researching new fraud schemes.
• Formulating, testing, and developing analytical hypotheses based on large datasets, including with a focus on identifying business risks and financial/reputational damage.
• Analyzing data from diverse sources (logs, security events, transactional and behavioral data).
• Interacting with security, IT, and business units during investigations, translating technical findings into the language of business and risks.
• Preparing analytical reports, conclusions, and recommendations based on investigation results (including: assessing the impact of incidents on business, proposals for risk reduction and preventing repeat incidents).
• Preparing and delivering presentations for management: clear presentation of investigation results, conclusions, and achieved business impact (risk reduction, prevented damage, increased efficiency).

Requirements

• Experience in the cybersecurity field in the area of incident investigation. Practical experience with SIEM, DLP, EDR class systems and other monitoring and protection tools.
• Experience with Big Data tools: Python at the data analyst level, writing complex SQL / PySpark queries, extracting, aggregating, and analyzing data from various sources to test analytical hypotheses. Understanding the principles of distributed storage and analytical platforms.
• Knowledge of OSINT methods and experience working with open sources of information.
• Ability to work with confidential and sensitive information.
• Experience in preparing analytical reports, action plans, and presentation materials based on investigation results, oriented towards management and business decisions.

Will be a plus:

• Knowledge and practical experience in the field of digital forensics.
• Experience in public speaking (conferences, forums, internal meetups).
• Practical experience in applying AI tools to automate one's work: developing one's own tools, using open-source solutions, applying LLMs, ML models, or rule-based systems for data analysis and investigation support.

Conditions

• Innovative, ambitious projects and tasks that develop: there is always an opportunity to upgrade your skills and grow professionally;
• An environment for knowledge sharing – high expertise within the team;
• Our culture is created by the employees themselves – we listen to them and help create and maintain corporate communities based on interests
• Stable salary and annual bonus;
• Modern IT office near Moscow City, a five-minute walk from Kutuzovskaya metro station, with a fitness center;
• More than 400 educational programs from SberUniversity for professional and career development;
• Extended voluntary health insurance, preferential insurance for family, and a corporate pension program;
• Flexible mortgage discount equal to 1/3 of the Central Bank's key rate;
• Free subscription to SberPrime+, discounts on products from partner companies;
• Reward for recommending friends to join the Sber team.