Description

Sber's Cybersecurity Center is looking for a Principal Use Cases Expert.

Responsibilities

Your tasks will include:

• creation and maintenance of Use Cases (SIEM correlation rules) across all stages of the lifecycle: onboarding data sources, generating and processing ideas for new Use Cases, development, configuration, and testing of correlation rules
• using post-exploitation tools and frameworks to test cyber attack vectors and correlation rules
• analyzing cybersecurity events from various infrastructure (network, host, security tools) and application (DBMS, Web) sources
• retrospective search for Indicators of Compromise (IoCs) and analysis of results
• analyzing external/internal sources of cyber threat intelligence (incident reports, penetration testing reports, vendor research) to enrich the internal cyber threat knowledge base
• researching available and developing own tools for conducting and automating the collection and analysis of artifacts
• participating in the development of the Bank's own platforms (TIP, BAS, XDR, SIEM) and related projects.

Requirements

What is important to us:

• higher basic technical education in cybersecurity (information security) or IT from a technical university
• knowledge of Windows/Linux OS architecture and directory services Active Directory/FreeIPA
• knowledge of network protocols (standard TCP/IP stack protocols, Ethernet, 802.1X, Kerberos, LDAP, SMB, Web, etc.) and principles of network equipment operation
• knowledge of threat models KillChain, MITRE ATT&CK (key TTPs) and Pyramid of Pain
• skills in working with tools and frameworks for conducting cyber attacks (netcat, Metasploit, Cobalt Strike, Sliver, Havoc, Impacket, Responder, Chisel, etc.), as well as for testing PoCs and exploits.

Will be a plus:

• relevant work experience in a similar position
• skills in writing threat hunting hypotheses and detection rules YARA, Suricata/Snort, Sigma
• having relevant professional certifications
• proficiency in English (Intermediate level and above).

Conditions

We offer:

• comfortable modern office
• opportunity to choose a convenient schedule – office/hybrid
• annual salary review, annual bonus
• corporate gym and relaxation areas
• more than 400 educational programs from SberUniversity for professional and career development
• onboarding program and manager's assistance at the start
• extended voluntary health insurance, preferential insurance for family, and corporate pension program
• flexible mortgage discount, equal to 1/3 of the Central Bank's key rate
• free SberPrime+ subscription, discounts on products from partner companies
• referral bonus for recommending friends to the Sber team.