AVP/SA, Cyber Threat Hunter (Identity & Access Monitoring), Information Security Services, Group Technology

AI-generated summary

This job is for a Senior Cyber Threat Hunter at DBS Bank, focusing on detecting advanced identity-based threats. You might like this job because you'll safeguard millions using cutting-edge tech while collaborating with a skilled team in a dynamic environment.

Undisclosed

Singapore, Central

Job Description

 

Business Function

Group Technology enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group Technology, we manage the majority of the Bank's processes and aspire to delight our business partners through our multiple banking delivery channels.

 

Team Overview

At DBS Bank, we believe that being the Best Bank for a Better World means also being the Safest Bank in the Digital Age. Our cybersecurity vision is built on proactive defense, strong observability, and continuous resilience — empowered by a diverse team of skilled defenders and innovators.

 

As part of the Group Technology organization, you will be working at the heart of DBS’s digital transformation, safeguarding millions of customers and complex financial ecosystems. We emphasize continuous learning, technical depth, and collaboration to stay ahead of evolving cyber threats, especially those targeting the modern identity landscape.

 

Role Overview

We are seeking a Senior Cyber Threat Hunter with deep expertise in Security Operations, Threat Hunting, and Identity & Access Monitoring. This role focuses on uncovering sophisticated identity-based threats targeting AAA (Authentication, Authorization, and Accounting) frameworks, including but not limited to insider threats, using data-driven detections across multiple environments. You will be responsible for strengthening visibility, enriching SIEM and data lake analytics, and driving advanced defense strategies that enhance the bank’s overall security posture.

 

Key Responsibilities

  • Conduct proactive threat hunting across network, endpoint, and identity data sources to detect credential misuse, privilege abuse, and lateral movement.
  • Analyze telemetry from identity systems such as Privileged Access Management (PAM), Active Directory, Azure AD, ADFS, AWS, and GCP to identify abnormal authentication or authorization behavior.
  • Develop and refine detection logic for identity threats within SIEM, UEBA, or XDR platforms using MITRE ATT&CK and ATT&CK for Identity frameworks.
  • Collaborate with application teams and log source platform owners to review custom application logs, assess compatibility for security monitoring, and facilitate their onboarding into SIEM platforms and data lakes.
  • Define log parsing, normalization, and enrichment requirements to ensure high-fidelity data onboarding for developing new use cases and threat detection content.
  • Work closely with IAM, SOC, and Threat Intelligence teams to integrate behavioral analytics and intelligence-driven detection methods.
  • Participate in post-incident and red team/blue team exercises to validate monitoring controls and improve defensive coverage.

  • Continuously enhance log visibility, hunting processes, and automation pipelines in alignment with DBS’s Cyber Defence and Data Governance Frameworks.

 

Required Skills and Experience

  • 5–10 years of experience in Security Operations, Threat Hunting, or Incident Response, preferably within financial or large enterprise environments.
  • Strong understanding of the AAA framework, authentication/authorization protocols (Kerberos, NTLM, SAML, OAuth2, OIDC, LDAP), and Zero Trust architectures.
  • Hands-on expertise with major SIEM/XDR platforms (Splunk, Sentinel, UEBA, ELK, or QRadar) and related analytics tools.
  • Practical experience working with custom log sources, data normalization (CEF, JSON, Syslog), and event schema mapping.
  • Proficient in Python, PowerShell, or Bash for automation, data enrichment, and threat analysis.
  • Familiar with MITRE ATT&CK, threat intelligence integration, identity threat detection, and cloud security (Azure, AWS, or GCP).
  • Relevant certifications such as GCTI, GCIH, GCIA, GCED, GCFA, GMLE, CISSP, OffSec SOC-200, TH-200 or Microsoft SC-200 preferred.

 

What We’re Looking For

  • Highly analytical and technically curious problem-solver who thrives on uncovering hidden attack patterns.
  • Strong collaborator across technology and business domains, with excellent written and verbal communication skills.
  • Experienced in designing and operationalizing new detection capabilities from raw log data sources.
  • Proactive self-starter passionate about scalable defense, detection engineering, and identity threat resilience.
 



Company Benefits

Comprehensive Medical Benefits

We provide a variety of medical coverage for our employees.

Low Interest Rate Loans

We give low interest rates for our employees!

FlexiBenefits

We provide FlexiBenefits for our employees to ensure their work-life balance!


Additional Info

Experience Level

0 - 10 Years of Experience


Company Profile

DBS Bank

OUR ROOTS AS A DIFFERENT KIND OF BANK Born with a mission unlike any other, we were founded with a unique purpose to help develop a young nation. Since then, we've grown alongside Singapore to become Best Bank in the World. Be it our successes or war stories, the untold moments or widely-celebrated ones, or the bonds we've built within and beyond our bank — here, we aim to preserve these memories that capture who we...