AVP/SA, Cyber Threat Hunter, Information Security Services, Group Technology

Business Function

Group Technology enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group Technology, we manage the majority of the Bank's processes and inspire to delight our business partners through our multiple banking delivery channels.

Team Overview

At DBS Bank, we believe that being the Best Bank for a Better World means also being the Safest Bank in the Digital Age. Our cybersecurity vision is built on proactive defense, strong observability, and continuous resilience — empowered by a diverse team of skilled defenders and innovators.

As part of the Group Technology organization, you will be working at the heart of DBS’s digital transformation, safeguarding millions of customers and complex financial ecosystems. We emphasize continuous learning, technical depth, and collaboration to stay ahead of evolving cyber threats, especially those targeting the modern identity landscape.

Role Overview

We are looking for an experienced and proactive Cyber Threat Hunter to strengthen our Security Operations Centre (SOC) in defending against advanced and emerging threats. This role combines analytical depth, technical expertise, and creative problem-solving to uncover anomalous behaviours, investigate potential compromises, and enhance our defensive posture through intelligence-driven hunting practices. Candidates with experience in financial institutions and familiarity with regulatory landscapes are strongly preferred.

Key Responsibilities

• Lead and execute proactive threat hunting missions across enterprise systems, leveraging hypotheses informed by adversary tradecraft, threat intelligence, and defensive data visibility
• Apply advanced analytics, behavioral baselines, and statistical methods to large-scale log datasets to detect subtle anomalies or outliers indicating potential compromise.
• Employ and evolve cyber defense frameworks such as MITRE ATT&CK, Diamond Model, and NIST Cybersecurity Framework in daily hunting activities.
• Collaborate closely with SOC monitoring, Incident Response, and Threat Intelligence functions to operationalize hunt outcomes and strengthen detection logic.
• Develop repeatable hunting playbooks and automation routines using scripting languages such as Python, PowerShell, or similar.
• Provide technical mentorship and contribute to continuous improvement initiatives across the Cyber Defence Group.
• Participate in red/blue/purple team exercises to validate threat detection coverage and response readiness.
  
  

Required Skills And Experience

• 5–10 years of experience in Security Operations, Threat Hunting, or Incident Response, preferably within financial or large enterprise environments.
• Deep technical understanding of attacker TTPs, intrusion lifecycle, and lateral movement behaviors.
• Strong capability in enterprise log analytics, with proficiency in platforms such as Splunk, ELK, UEBA, or QRadar, and query languages (SPL, KQL, SQL).
• Demonstrated experience in hypothesis-driven hunting and investigative research against complex multi-domain telemetry data.
• Familiarity with MITRE ATT&CK, threat intelligence integration, malware analysis fundamentals, network forensics, and EDR/XDR platforms.
• Scripting or data analytics experience (Python, PowerShell, or equivalent).
• Comprehensive understanding of enterprise security controls, SIEM pipelines, and data correlation techniques.
• Relevant certifications such as GCTI, GCIH, GCIA, GCED, GCFA, GMLE, CISSP, OffSec SOC-200, TH-200 or Microsoft SC-200 preferred.
  
  

What We’re Looking For

• Highly analytical and technically curious problem-solver who thrives on uncovering hidden attack patterns.
• Strong collaborator across technology and business domains, with excellent written and verbal communication skills.
• Experienced in designing and operationalizing new detection capabilities from raw log data sources.
• Proactive self-starter passionate about scalable defense, detection engineering, and identity threat resilience.
• Self-driven, investigative mindset with the ability to work independently under minimal oversight.
  
  

Location:

DBS Asia Hub

Job:

Technology

Schedule:

Regular

Employee Status:

Full time