Head of Cyber Defense & Threat Intelligence
Posted on:
30+ days ago
Vacancies:
1 Vacancy
Job Summary
- Define and maintain the enterprise cyber threat detection and response strategy across all technology domains
- Ensure detection capabilities are aligned with threat intelligence and the MITRE ATT&CK techniques relevant to the Bank
- Provide oversight of SOC operations, including alert handling, escalation processes, monitoring quality and operational effectiveness
- Ensure SOC coverage across endpoints, networks, applications, identities, cloud environments and third-party systems
- Lead detection engineering activities, including the design, tuning, validation and improvement of detection use cases across SIEM, EDR/XDR, IAM, email, network and cloud platforms
- Maintain a threat coverage matrix mapping detection capability against MITRE ATT&CK techniques, and identify gaps in coverage
- Improve detection quality by reducing false positives and strengthening telemetry, correlation logic and logging coverage
- Establish and operate a threat intelligence capability to monitor adversaries, attack campaigns, vulnerabilities, fraud-related threats and industry trends
- Convert threat intelligence into actionable detections, hunting scenarios, executive alerts and security improvements
- Own and govern the cyber incident response framework, including severity classification, playbooks, escalation paths and post-incident reviews
- Lead or coordinate the response to major cyber incidents in collaboration with technical and business teams
- Ensure incident handling includes proper evidence collection, root cause analysis and structured documentation
- Develop and maintain structured threat hunting programs driven by intelligence, hypotheses and incident learnings
- Coordinate proactive hunting across critical systems and environments to identify hidden threats
- Lead cyber exercises, including tabletop simulations, purple teaming, breach simulation and detection validation exercises
- Ensure gaps identified through exercises are converted into remediation and control improvements
- Set the direction for digital forensics readiness, including evidence handling, chain of custody and coordination with external forensic providers
- Ensure forensic outputs support regulatory reporting, remediation and continuous improvement
- Provide regular reporting on the threat landscape, incident trends, detection performance and cyber risk posture
- Support CISO reporting to senior management, the ISC and Board-level committees
- Track and ensure closure of remediation actions arising from incidents, exercises and control assessments
- Drive continuous improvement in cyber defense maturity across people, process and technology
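The threat coverage matrix in the responsibilities above is the one artifact in this list that is concrete enough to show in code. The following is an added illustration, not material from the posting or from any bank: it maps a set of detection rules onto a threat-intelligence priority list of ATT&CK technique IDs, reports techniques with no detection at all, and separately flags techniques whose only detections have never been exercised by a purple-team or breach-simulation run (nominal coverage that a validation exercise would have to confirm). The rule names, platforms and the priority technique list are constructed sample data; the choice to let a rule tagged with a parent technique count towards its sub-techniques is an assumption made here for the illustration, and many teams score them separately.

```python
"""Threat coverage matrix: detection rules mapped against prioritised ATT&CK techniques.

Added illustration only; not code from the job posting or from any real SOC.
All rule names, platforms and technique priorities below are constructed sample data.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed priority list (technique ID -> name), standing in for what the
# threat-intelligence function would produce from campaigns targeting the sector.
PRIORITY_TECHNIQUES = {
    "T1566.001": "Phishing: Spearphishing Attachment",
    "T1078.004": "Valid Accounts: Cloud Accounts",
    "T1110.003": "Brute Force: Password Spraying",
    "T1059.001": "Command and Scripting Interpreter: PowerShell",
    "T1021.001": "Remote Services: Remote Desktop Protocol",
    "T1486": "Data Encrypted for Impact",
    "T1567.002": "Exfiltration to Cloud Storage",
}


@dataclass(frozen=True)
class DetectionRule:
    name: str                    # hypothetical rule name
    platform: str                # SIEM, EDR, IAM, Email, Network, Cloud ...
    techniques: tuple[str, ...]  # ATT&CK IDs the rule is tagged with
    validated: bool = False      # True once exercised by purple team / breach simulation


# Constructed sample rule set (hypothetical rules, not a real deployment).
SAMPLE_RULES = [
    DetectionRule("Email: macro attachment from external sender", "Email", ("T1566.001",), True),
    DetectionRule("IAM: impossible-travel sign-in", "IAM", ("T1078.004",), False),
    DetectionRule("IAM: many accounts, one source IP, few passwords", "IAM", ("T1110.003",), True),
    DetectionRule("EDR: encoded PowerShell command line", "EDR", ("T1059.001",), True),
    DetectionRule("EDR: mass file rename with ransom extension", "EDR", ("T1486",), False),
    DetectionRule("Network: lateral RDP from a workstation", "Network", ("T1021",), False),
]


def technique_matches(rule_tag: str, technique_id: str) -> bool:
    """Exact match, or a parent-technique tag (T1021) covering a sub-technique (T1021.001).

    Assumption for this illustration: scoring parent and sub-technique separately
    is equally common and only changes this predicate.
    """
    return rule_tag == technique_id or technique_id.startswith(rule_tag + ".")


def coverage_matrix(rules, techniques):
    """Return {technique_id: [rules covering it]} for every priority technique."""
    matrix = {tid: [] for tid in techniques}
    for rule in rules:
        for tid in matrix:
            if any(technique_matches(tag, tid) for tag in rule.techniques):
                matrix[tid].append(rule)
    return matrix


def coverage_gaps(matrix):
    """Priority techniques with no detection rule at all."""
    return sorted(tid for tid, rules in matrix.items() if not rules)


def unvalidated(matrix):
    """Techniques whose rules exist on paper but have never fired in an exercise."""
    return sorted(tid for tid, rules in matrix.items()
                  if rules and not any(r.validated for r in rules))


def platform_breakdown(matrix):
    """How many technique coverings each platform contributes (spot single-source reliance)."""
    counts = defaultdict(int)
    for rules in matrix.values():
        for rule in rules:
            counts[rule.platform] += 1
    return dict(counts)


def coverage_summary(rules, techniques):
    matrix = coverage_matrix(rules, techniques)
    gaps = coverage_gaps(matrix)
    validated_count = sum(1 for rs in matrix.values() if any(r.validated for r in rs))
    return {
        "total": len(techniques),
        "covered": len(techniques) - len(gaps),
        "validated": validated_count,
        "gaps": gaps,
        "unvalidated": unvalidated(matrix),
        "by_platform": platform_breakdown(matrix),
    }


if __name__ == "__main__":
    summary = coverage_summary(SAMPLE_RULES, PRIORITY_TECHNIQUES)
    print(f"covered {summary['covered']}/{summary['total']}, "
          f"validated {summary['validated']}/{summary['total']}")
    for tid in summary["gaps"]:
        print(f"GAP         {tid}  {PRIORITY_TECHNIQUES[tid]}")
    for tid in summary["unvalidated"]:
        print(f"UNVALIDATED {tid}  {PRIORITY_TECHNIQUES[tid]}")
    print("by platform:", summary["by_platform"])
```

The useful output is the two lists, not the headline percentage: the gaps feed detection engineering backlog, and the unvalidated set is the candidate list for the next purple-team or breach-simulation exercise. On the sample data one priority technique has no rule and three are covered only by rules that have never been exercised.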
Requirements
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Engineering or a related field
- Postgraduate qualification preferred
- Professional certifications such as CISSP, CISM or GIAC (GCIA, GCIH, GCED, GNFA) preferred
- Additional certifications in incident response or digital forensics are an advantage
- 15-20 years of experience in cybersecurity, SOC operations, threat intelligence, incident response or cyber defense roles
- At least 8-10 years of experience in banking, financial services or other high-security regulated environments
- Proven experience leading SOC operations, major incident response or enterprise detection engineering programs
- Strong technical understanding of security operations tooling, including SIEM, EDR/XDR, cloud security and network monitoring
- Strong knowledge of MITRE ATT&CK and familiarity with MITRE D3FEND concepts
- Strong analytical and problem-solving capability in high-pressure environments
- Strong leadership skills with ability to manage crisis situations calmly and effectively
- Strong communication skills to translate technical incidents into business and risk language
- Strong stakeholder management and ability to coordinate across IT, security and business teams
- Strong continuous improvement mindset focused on strengthening cyber resilience