Cyber Security Investigator and Threat Hunter

Stockholm (Län)
den 12 oktober 2018
den 4 november 2018

Organized crime. Nation states. Malspam. BEC fraud. Ransomware. CaaS. AI threat actors. Fileless malware. Threat intelligence. 

We are expanding our team of crackerjack cyber security investigators and threat hunters with three senior positions in our SIRT. 


About the job

You are the last line of defense before money gets stolen, systems fall victim to sabotage or general mayhem causes the financial system to collapse. You get cases too difficult to handle for anyone else. You hunt for intrusions wherever they are hiding. You push tools beyond their limits, and build your own where they fall short. You gather and share intelligence and experience with your peers at other banks and cryptically named agencies and organizations. You pick apart the kill chain to its core. You protect us every single day. And you make us better, over and over again.

You play a critical role in ensuring the incident never happens again, working with the rest of the bank.

You are part of a large team of security experts. Our cyber security investigators and hunters have your back when the going gets tough and provide full access to their expertise. Our red team puts you on your toes in purple team exercises. Our information security architects keep everyone else on their toes to ensure the bank stays secure. Our information security officers define the policies and frameworks to help the business remain secure. Our identity & security, workplace security, network security and other security teams provide the capabilities so incidents don’t occur in the first place.

The work requires interacting and collaborating both cross border and across organizational dimensions, within the bank as well as externally.

Since cyber criminals do not keep business hours the job includes on-call duties on a scheduled and rotating basis. The frequency is less than one week per month.

What you need to succeed


  • Exhibit extraordinary integrity and escalate risk issues where the risk/reward tradeoffs are not appropriate
  • Have a strong personal responsibility
  • Have at least 5 years experience with security incident response and/or IT security
  • Are a coach and educator towards the SOC and other security and business teams within the bank and wider security community
  • You are comfortable with presenting your work to your peers
  • You can keep several tasks running in parallel, able to work whenever there's no clear ruling available while making the right priority decisions, under stressful conditions and are able to perform under pressure to deadlines
  • You are passionate about what you do; show initiative, and are a strong team player, preferably with cross-border experience
  • Have very good verbal and written communication skills in English


You excel in at least two of the areas listed below and are well versed in at least one additional area:

  • Computer forensics
  • Log analysis, with a deep knowledge of log contents, their meaning, SIEM and UEBA tools and how to search for and identify suspicious patterns in them
  • Windows security incl. Powershell scripting
  • Linux and Linux security incl. scripting
  • Networking and network security (incl. WiFi), such as routing/switching, firewalls, IDS/IPS and network traffic analysis
  • Threat hunting
  • Malware analysis and reverse engineering
  • Software development (e.g. Java and Python) and API threat analysis, incl. custom tool development
  • Cloud security (private and public)
  • Threat intelligence
  • Big data analysis, statistics, R

Bonus areas we interested in are:

  • GIAC Cyber Defense or Incident Response And Forensics certification
  • IACIS certifications, CFR, ISC2 certifications, CEH, CCNA Cyber Ops
  • Mobile forensics
  • Degree in mathematics with a focus on statistics

What you may have worked with previously

  • Security incident response
  • CERT/CSIRT/Cyberdefense center
  • Security Operations Center
  • Threat intelligence

Potential next steps in your career after this job

  • IT Security Architect
  • Information security manager
  • Chief Information Security Officer

Why work with us?

Jan Willekens, the head of the department, explains:
“As a major bank in the Nordics and Baltic region we are at the forefront of the arms race with crime syndicates and nation states. We are exposed to the most advanced attacks from the best opponents. They innovate, and we innovate. And we defend ourselves successfully. We do this in an environment where the team has a lot of freedom to steer their work, within a context of clear priorities defined in a structured manner. When working with incident response sometimes the floodgates open while it is very quiet at other times. This provides for plenty of time for projects which improve the team and deliver our roadmap. This includes meeting your peers at conferences, participate in exercises, obtain certifications, etc., but also act as requirements owner to the rest of the IT organization. Keeping up to date and developing skills is crucial in our business. We can’t afford to lag behind our opponents.

My management style is hands off, I do not micro manage. I have a team of seasoned professionals, they can hold their own. I follow up progress, prioritize and make decisions if there is no team consensus. I have a clear vision on what needs to be done and what we need to put in place to meet tomorrow’s adversaries, and that is reflected in our roadmap. Continuous improvement is a red thread throughout. The banking sector is opening up, integrating with fintech companies at the API level to systems traditionally locked away, expanding cloud usage, working agile using devops, etc. This is the reason we are hiring. We need more experts in our core areas, but also in areas which we are moving in to. We established a SOC earlier in 2018, freeing up time for the team to focus on hunting, threat intelligence, automation and orchestration, expand and get a lot more out of existing tools. Now it is time to take the next step.

I am blessed to have very strong management support for our plans to take a major step towards our future. It’s going to be an exhilarating journey!”

Swedbank SIRT is a Trusted Introducer accredited team.

We kindly ask you to send in your application in English!

We may begin the selection under the application period, so we welcome your application as soon as possible.

Nothing of interest for you – recommend the job to a friend!

We have made our choice regarding recruitment media and therefore kindly decline contact with ad sellers or sellers of other recruitment services.

Liknande jobb

Liknande jobb