State Bank of Pakistan (SBP), the Central Bank, is looking for talented and energetic candidates for the following contractual positions in Cyber Security Department (CySD), based in Karachi.

Cyber Security Specialist

Key responsibilities of the incumbent will include, but not limited to, the following: Develop, review and maintain data classification and security policies, framework, schemes, incident management plans and other artefacts. Plan and coordinate with different business functions for classification of new & existing data and IT systems of the Bank. Manage data and systems’ repository for classification purpose and provide data security recommendations. Coordinate with IT and other relevant stakeholders for procurement, implementation and fine-tuning of data tagging tools, DLP and other related future developments. Perform development and maintenance of application security program, secure coding standards and other artefacts. Perform application security tasks including code reviews, static analysis, dynamic testing and software composition analysis. Evaluate technology, methodology, and tools to enhance the software development life cycle and provide security requirements during analysis, design and development stages. Stay updated with the latest cyber threats, attack vectors, and security technologies through continuous learning and research. Collaborate with internal stakeholders, such as IT teams and management, to ensure security controls are effectively implemented and aligned with business objectives. Conduct security awareness training and educational programs for employees to enhance their understanding of cyber threats and promote a security-conscious culture. Stay informed about emerging security technologies, industry trends, and best practices to recommend and implement security enhancements. Prepare and present reports on security incidents, threat intelligence, and security posture to stakeholders, including senior management. Assist team leads in proof of concepts, technology testing, management reporting, development projects and/or administrative work, as and when required. Perform other relevant tasks as assigned by the management.

 Eligibility Criteria:

Education:	Bachelors or Master’s Degree with at least 16 years of education in Information Security, IT, Computer Science, Engineering, or relevant field from HEC recognized university or from a reputable foreign university.
Age:	Maximum 32 years, as on the last date of application submission.
Experience:	At least 4 years post qualification experience in Cyber Security.
Other Attributes	Cyber security certifications like CISSP, CISM, CSSLP, CIPP, CHFI or any other relevant credentials are preferred.

 Link to Apply:

SOC Analyst

Key responsibilities of the incumbent will include, but not limited to, the following: Monitor security alerts and events in real-time from various security systems, including SIEM, IDS/IPS, FIM, EDR and FW. Investigate security incidents, conduct in-depth analysis, and perform root cause analysis to determine the scope and impact of security events. Cyber incident triage, response, and investigations based on alerts received from multiple sources. Respond to security incidents promptly, following established incident response procedures, and mitigate the impact of security threats. Develop and maintain documentation, reports, and metrics related to security incidents, investigations, and mitigation efforts. Analyze network traffic and logs to identify patterns, anomalies, and potential security breaches. Analyze user reported security incidents, anomalous behavior and phishing emails for threat hunting, security control fine-tuning and blocking IOCs. Collaborate with IT and cyber security teams to perform threat analysis and propose suitable response and mitigation activities. Collect threat intelligence feeds from multiple sources and disseminate to relevant stakeholders along with recommendations. Perform limited scale digital forensics and investigations in coordination with relevant IT Teams and provide actionable information to Computer Security Incident Response Team (CSIRT). Mature security operations’ playbooks, processes and procedures, and further integrate log sources to enhance monitoring capabilities. Utilize threat intelligence feeds to identify and respond to emerging cyber threats and vulnerabilities in IT systems. Create and maintain regular operational reports for management. Perform any other relevant tasks assigned by the management.

 Eligibility Criteria:

Education:	Bachelors or Master’s Degree with at least 16 years of education in Information Security, IT, Computer Science, Engineering, or relevant field from HEC recognized university or from a reputable foreign university.
Age:	Maximum 30 years, as on the last date of application submission.
Experience:	Minimum 2 years of experience as SOC analyst (Level 1) preferably in bank, multinational company or similar organization.
Other Attributes	Cyber security certifications like Security+, ECIH, CEH, CHFI or any reputable credential of Blue Teaming are preferred. This position will be required to work in shifts for 24x7 operations

 Link to Apply:

 Compensation:

Competitive compensation package, as per State Bank rules.

 Application Procedure

Interested candidates meeting the above-stated eligibility criteria may submit their applications online on https://www.sbp.org.pk/careers/status.asp.

The system generated application form may also be shared through surface mail addressed to Deputy Director, Resource Management, HRD, State Bank of Pakistan, 10th Floor, SBP Main Building, I.I. Chundrigar Road, Karachi with the applied position written on top right of the envelope. Last date of application submission is August 07, 2023. Applications, which are not in accordance with defined requirements in the advertisement, will not be entertained. Only shortlisted candidates will be contacted.

We are an Equal Opportunity Employer. Females, candidates from minorities and transgender persons are encouraged to apply.

Any candidate who misinforms or fails to provide the required information or documents, does not meet the specified criteria as per advertisement, attempts to influence the recruitment process in any manner, tries to obtain support for his/her candidature by inappropriate means or tampers with evidence of his/her age, educational and other certificates, shall be disqualified from the current and any future recruitment process at the Bank; even if the candidate is otherwise eligible.