Security Incident Response Manager

Job Description:

Security Incident Response Manager - Assistant Vice President

Job Overview

Deutsche Bank (DB) Chief Security Office (CSO) is looking for a senior Information Security professional to support the Bank’s Security Threat Detection & Response (TDR) capabilities.

The TDR Security Incident Manager is responsible for timely acting on security events and incidents, taking decisions to ensure the corresponding course of action for  rapid containment and mitigation.

Additionally, he/she acts as a specialist for information security incident response processes to protect the Bank, its partners, and clients of any potential loss. Besides operations tasks, he/she will be supporting to evaluate and adjust processes, tools, and reporting.

Main Responsibilities:

• Pre-evaluation of information security alerts raised.
• Support the assessment of financial, reputational, client, market or regulatory impact associated with an information security incident.
• Leadership and management of information security incidents with TDR and involved SMEs.
• Decision taking on the information security incident’s severity, category, and course of action.
• Containment of an information security incident
• Providing accurate information security incident communication to the relevant stakeholders.
• Ensuring proper information security incident documentation and hand over to additional Information Security Incident Manager or SOC shifts as needed.

Skills and Capabilities Required

• Good understanding of enterprise technologies especially focusing on security devices, network engineering, operating systems, databases and security configurations on application level.
• Familiar with the MITTRE ATT&CK framework, good knowledge of current threat landscape and attack scenarios/tactics, as well as containment and protection measures .
• Background on incident management, preferrable in the cyber-security field.
• Reasonable understanding on system logs analysis, network traffic logs, payload, event logs, application logs, firewall logs, Active Directory etc.
• Reasonable understanding of Security Incident and Event Management (SIEM) systems, ideally on Splunk Enterprise Security, or Chronicle GCP, or Sentinel.
• Fluent in English, very good communication skills and confident assuming timely decisions. 
• Independent way of working with strong decision making and problem-solving ability.
• Appetite for continuous learning.
• Comfortable/experienced with working in international & multicultural teams.

Always a plus

• Previous experience working in a SOC.
• Admin or SecOps experience, particularly on Google Cloud and/or Azure environments.
• Experience on networks , firewalls and related tools.
• CISSP, CISM, GCIH or other relevant certifications in the field.
• German language skills.

We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively.

Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group.

We welcome applications from all people and promote a positive, fair and inclusive work environment.