• Note that the application deadline for this ad may have passed. Read the ad carefully before proceeding with your application.

The Anti Financial Crime Unit (AFC) is responsible for addressing and preventing all aspects of financial crime, anti-money laundering, counter terrorist financing, fraud, cybersecurity, information security and physical security. We are approximately 180 people located in all our home markets: Stockholm, Tallinn, Riga and Vilnius.

Swedbank is the bank for the many. We believe in a diverse and inclusive workplace, and we want all our employees to feel valuable and have the prerequisites to develop and perform at their very best. Inspiring and learning from each other is what moves us forward. Join us in our journey and find out more about us at: swedbank.com/work-with-us

About the job

You will play a critical role in ensuring security incidents never happen (again) by working together with the rest of the bank(s). You will help protect us every single day and you make us better, day in and day out.

Swedbank's Cyber Defense Center protects the bank against cyber attacks. We have tools and services that identify potentially divergent behaviors that suggest infringement or violation of our internal policies based on Behavioral Analysis, Data Analysis and Data Correlations. We are now looking for two analysts for our office in Sundbyberg. As an analyst in our team, you will be primarily responsible for developing, providing and implementing use cases for this tool.

You, together with our information security managers and officers, conduct workshops with various business areas within the bank to identify which behaviors may indicate infringement or violation of regulations and how to detect them. You transform this knowledge into use cases, which include mappings to machine learning models and rules that form the basis for the use case. You ensure that log data contained in the Security Information and Event Management (SIEM) System is complete, not redundant, and meets the quality requirements that exist for models and rules to be implemented with a low degree of false positives. You work, in conjunction with our security architects, together with the business areas and their developers so that everything needed in log data to detect deviant behaviors is in place. As part of the use case work, you work with our Security Operations Center and the Computer Security Incident Response Team to describe how alarms should be handled and how the tool helps to quickly implement cyber incident management and threat hunting. In addition to this, you work closely with the team that manages the operation of the tool and ensures that data parsing is done correctly. Together with our teams within Threat Intelligence and Threat Hunting, you develop and implement new cyber security use cases that address new and changing behavior of external opponents. You are also responsible for the life cycle of these use cases.

Since cyber criminals do not keep business hours, the job includes on-call duties on a scheduled and rotating basis. The frequency is less than one week per month.

What you need to succeed

This role involves handling very sensitive cases which require access to a lot of personal and confidential information. Therefore, we will put a lot of effort into assessing your personality during the recruiting process. We like to see that you exhibit a high level of personal integrity and personal responsibility. In this work a lot of things can happen simultaneously, and new information is received continuously. We like to see that you work well under pressure, while remaining cool and focused. We also like to see that you can multitask, handling different tasks in parallel as an incident develops. Long experience with IT incident response, operations or engineering is therefore required.

Since understanding what cyber criminals do in our IT environment is like searching for a needle in a haystack, and the haystack consists of all the different IT systems in the Bank, we like to see that you are intimately familiar with a few of these systems. The work is deeply technical, and you need to be comfortable around a command line and logfiles.

The total set of skills which the SIRT team needs is listed below, and you contribute to it in two or more areas. Even if you are not a security aficionado today, but aim to become one, your core skills in these areas may make you the perfect candidate:

IT systems within one or more verticals in the Bank, such as digital banking, payments in general and cards in particular, core banking, etc.
IT systems in general
Windows incl. Powershell scripting
Linux and Unix incl. scripting
Log analysis, with a deep knowledge of log contents, their meaning, SIEM and UEBA tools and how to search for and identify suspicious patterns in them
Big data analysis, statistics, R, machine learning algorithms, mathematics
Threat hunting
Cloud security (private and public)
Malware analysis and reverse engineering
Software development (e.g. Java and Python) and API threat analysis, incl. custom tool development
Threat intelligence
Computer forensics
Networking and network security (incl. WiFi), such as routing/switching, firewalls, IDS/IPS and network traffic analysis
Behavioral Analysis

Potential next steps in your career after this job

We have a lot of exciting internal job opportunities – it is all up to you!


Why work with me and my team? - Yakup Güneyli

I truly believe in the collaboration, teamwork and team spirit – it is the key to success. We need to enjoy what we do! For me, it is important to have a work environment where you feel your importance, have the possibility to grow as a person and at the same time have fun. I offer an engaging environment where you will work closely together with highly skilled, ambitious and experienced colleagues who will help and push you to the next level. You will work in an international organization adopting new technologies at an early stage and be part of interesting and challenging projects. Your work will be widely used both by the organization and external clients.

We kindly ask you to send in your application in English!


We may begin the selection during the application period, so we welcome your application as soon as possible.

Nothing of interest for you – recommend the job to a friend!


We have made our choice regarding recruitment media and therefore kindly decline contact with ad sellers or sellers of other recruitment services.


This is a job ad titled "Cyber Security Investigator and Threat Hunter" at the company Swedbank AB, published on webbjobb.io on 6 April 2020 at 10:30.

How to apply for the job
