Our technology teams are responsible for the Bank’s entire information technology (“IT”) infrastructure, and the development, implementation, and protection of the software required to support all of the Bank’s businesses. We move over EUR 1.6 trillion across the Bank’s platforms, support thousands of trading desks, and enable millions of banking transactions, share trades and emails every day.
With award-winning mobile banking apps and trading systems, our technology platforms help Deutsche Bank deliver high quality products to clients. Naturally, we make sure that the phones work, emails are delivered and PCs run – but we also develop collaboration platforms and workspaces that help our people share their knowledge, expertise and passion for our business.
Developments in technology are changing the way we communicate, work and think. Join us here, and you’ll constantly be looking ahead. We’ll look to you to capitalize on new technological trends that can reshape our business and deliver value for our clients, whilst still meeting the demands of customers, regulators and the markets.
Job Position: Information Security Specialist
Corporate Title: Assistant Vice President
Chief Information Security Office
The DB Chief Information Security Office (CISO) as part of the Chief Operating Office is responsible for establishing and maintaining the enterprise vision, strategy and program to ensure information assets are adequately protected. The CISO directs staff in identifying, developing, implementing and maintaining processes across the organization to reduce information and information technology (IT) risks, respond to incidents, establish appropriate standards and controls and direct the establishment and implementation of policies and procedures.
The Information Security Specialist is responsible for the deep analysis of IT threats against Deutsche Bank. Specialists are highly active with the Security Incident Management, Cyber Threat Operations teams and liaise with other central functions on a management level.
Role specific topics cover all aspects of the Malware Analysis and Digital Forensics Incident Response (DFIR) from discovery, validation to reporting in order to strengthen the Incident Response process globally in response to recent events. This enhanced response capability will provide rapid and effective response to sophisticated modern cyber threats and attacks.
Tasks / Responsibilities:
- Manage local cyber forensics cases and investigation cycle responding to cyber threats such as cyber intrusions, malware, security control breaches, data loss and others
- Continuously develop and enhance the cyber forensics framework to reach a high maturity by an effective, rapid and at the same time forensic-sound processes
- Discover unknown attack vectors utilizing forensic techniques as well as self-generated IOCs and feedback lessons learned to other teams such as threat intelligence and threat discovery
- Mature cyber response & investigations activates by development and automation of triage and analysis techniques
- Provide strategic, tactical and operational investigation briefings to internal and external stakeholders
- Dissect artifacts from potentially compromised systems with the help of static and dynamic analysis methods, and correlate respective findings with network and application log files
- Identify infection vectors and respective possible counter measures for security threats targeting Deutsche Bank and/or its customers
- Represent Deutsche Bank at security-related forums and participate in private security peer groups. Provide and share information to industry benchmarking during regional incident or crisis management.
- Initiates independent reviews to identify, highlight and document risk issues and ensures follow up
- 3-5 years of security experience in a technical role, mainly in the area of Incident Response, Forensics or Malware analysis
- Comprehensive knowledge of the threat landscape, adversary tactics, techniques, and procedures (TTP), general attack stages, kill-chain and attack types
- Excellent technical understanding of enterprise grade technologies including security devices, network engineering, operating systems, databases and applications and their security settings and configurations
- Excellent analytical skills to evaluate problem, root cause and inform/test resolution
- Excellent team worker, able to work in virtual global teams in a matrix organization
- Relevant experience in Project Management
- Good communication skills, fluent in English (written/verbal) and local language as appropriate
- Expert knowledge in a minimum of three and basic experience in all of the following fields: Network forensic, Windows forensic, Unix forensic, Memory forensic, Reverse Engineering, Mobile device forensic.
- Experience working within a Digital Forensic Incident Response team
- Ability to understand, verify and explain the traditional vulnerability classes we can find in modern software or systems and explain the exploitation method
- Ability to understand and test exploits to assess the impact on the environment
- Ability to run ad-hoc vulnerability scan’s using tools (e.g., Nessus, OpenVAS, Acunetix) and small ad-hoc penetration tests and report the vulnerability impact
- Knowledge of higher level languages such as C/C++, Java, VB and at least one scripting language such as Perl, Python or Ruby
- Knowledge of Webserver Security (e.g., Apache, IIS, Mod-security)
- Knowledge of low level computer architecture
- Knowledge of low level system and/or network programming
- Strong knowledge of approaches for statically and dynamically analyzing malicious artifacts
- High familiarity with common software disassemblers, preferably IDA Pro, and of at least one of the following debuggers: WinDBG, OllyDBG, ImmDbg
Education | Certification (Recommended):
- Degree from an accredited college or university (or equivalent) preferred
- GIAC/SANS forensic training and certification or equivalent
- CISSP (Certified Information Systems Security Professional) or equivalent