Mission
· To continually improve SOC and CSIRT processes and solutions.
· To provide visibility on network and systems activities from a security point of view.
· To effectively respond to all security incidents from detection to resolution, and to ensure all types of security incidents can be detected and responded to.
Roles & Responsibilities
· To ensure continuity of 24x7/365 security services across the company while overseeing security event monitoring, management, and response.
· To perform ongoing review and tuning of SIEM scenarios to detect new and additional threats and to improve detection quality.
· To ensure incident identification, assessment, quantification, reporting, communication, and mitigation while confirming SLA compliance, process adherence, and process improvement to achieve operational objectives.
· To ensure daily management, administration, and maintenance of the security devices under the purview of the SOC, which consist of state-of-the-art technologies.
· To perform threat hunting, threat management, and threat modeling, identify threat vectors, and develop use cases for security monitoring.
· To be responsible for overseeing the integration of standard and non-standard logs in the SIEM, and to review/revise processes to strengthen Security Operations.
· To gather evidence, evaluate risk, and deliver a plan to respond to contain and remove security threats as quickly and safely as possible.
· To verify discovered vulnerabilities according to metrics; correlate and collate the information; apply treatment and hardening and create intelligence reports that communicate the results of the analyses to management and related stakeholders.
· To build and maintain positive working relationships with stakeholders including cooperating with CRA and FATA Police to meet their requirements.
· To define, develop, and review key security performance indicators that ensure service delivery and service improvements.
· To implement and continually improve Digital Forensics capability, tools, and processes.
· To develop and revise processes to strengthen the current Security Operations framework, review policies, and highlight the challenges.
· To educate ITS/NWG/ICS on the importance of security monitoring and the need for improvement in log collection.
· To expand, tune, and health check cyber defense tools and technologies (NBA, EDR, XDR, DAM, SOAR, etc.).
· To liaise with ITS, NWG, and IFM teams to define new scenarios to detect unauthorized and malicious activities.
Job Requirements
Education
· Bachelor's Degree in Technology Systems (Information Technology/Computer Engineering/Information Security) or a related discipline
· Related certificates such as CEH, SANS, or CISSP are desirable
Experience
· Minimum of 2 years of experience in SOC/CSIRT areas
· Experience working in a medium to large organization
· Experience with log analysis tools, creating parsers and correlation rules, and managing reports and dashboards
· Experience in developing, documenting, and maintaining security procedures and playbooks
Submit your résumé to Irancell Telecommunication Services