Senior SOC Engineer

Senior SOC Engineer

Our Client is a Dubai based IT conmpany with presence in UAE, Egypt, Romania and Pakistan. For their offshore office in MUslim Town, Lahore they are looking for SOC Engineer with Minimum 3 years of experience and a degree in computer science or related field. Following are the details;

Job Description

• Implementation and Administration of Splunk
• Leading SOC Team. Weekly/Monthly trend analysis report for alerts and incidents.
• Ability to work with minimum supervision.
• Ability to work with remote teams.
• Ability to work with different nationalities and in different work environment.
• Self-Motivated and have strong professional Work Ethics.
• Perform root cause analysis on security and availability incidents producing harm charts per-incident and monthly/yearly summary reports
• Tune and refine existing security filters and event rules to reduce false positives. Creation of customized reports, dashboard & Preparation of compliance dashboard
• Conduct SIEM application training for the new hires and existing SOC employees
• Advance SOC Setup - Orchestration and threat intelligence.
• Network and security analysis/assessments and security monitoring
• Performing Real-Time Monitoring Investigation, Analysis, Reporting and Escalations of Security Events from Multiple log sources
• Handles all end-users, report Incidents, problem ticketing, and change management ticketing with respect to Network Security within the agreed SLA.
• Tracking and reporting the configuration changes in Routers, Switches, and Firewalls of different clients.
• Device integration, creating rules, Active channel, Dashboard, Filters, Reports, queries, etc. in Splunk to track incidents.
• Aggregating and Correlating Logs and Configuring Reports, Queries, Rules, Filters,
• Dashboards, Real-Time Alerts and Console Resource Operations
• Identify and Reporting requirements; Translate requirements into SIEM

Technical Specifications.

• Have strong technical background in Enterprise infrastructure.
• Familiar with Windows Servers, Linux OS, Networking and security protocols.
• Assist co-ordinate with the Security Incident Handling Team in providing assistance during investigations.

Job Requirements

Responsibilities

SOC Monitoring and Implementation

• 3 - 5 years of experience in various information security domains like Compliance Audit, Security Operation Center, and threat intelligence
• Proven track record in the planning, designing, and execution of SOC implementation, business requirement mapping, Security information and event management (SIEM) tooling.
• SOC governance (Including KPIs and metrics), SOC staff training and career development, SOC process, and audit.
• Real-Time Log Monitoring in the Security Operations Centre (SOC) from different devices such as Firewalls, IDS, IPS, Operating Systems like Windows, Unix, Proxy Servers, Windows Servers, System Application, Databases, Web Servers, and Networking Devices
• Technical escalation of all L1, L2, and L3 incidents in SOC.
• Project documentation
• Delivery methodologies and skill enhancements
• Analyse and troubleshoot delivery issues in a timely fashion
• Manage a delivery team to ensure timely and accurate Information Security deliveries
• Oversee daily activities of the delivery team and provide direction and guidance as needed
• Design, Create, and Innovate SIEM Use Cases in accordance with business requirement and as per the Cyber threat surface of line of business.
• Good knowledge on SIEM tools like Splunk concept and architecture
• Experience in implementation of SIEM Hands-on Experience in Device integration with SIEM

Cyber Threat Hunting, Analytics and Threat Intelligence

• Knowledge of Data Science with excellence in analysing large volumes of security data and to determine patterns of interest or outliers or hidden attacks and build repeatable algorithms and machine learning models for apply on regular basis to the data.
• Experience in threat hunting and the use of algorithms and tools built by data scientists to actively hunt for attacks in large volumes of data, and create alerts that are passed on to SOC L1 & L2 analysts
• Collate information from external threat sources as well as data from internal SOC and prepare actionable threat feeds and Intelligence briefs. Experience in integrating threat feeds with SIEM/ other security products of as well as to active SOC Manager & SOC Engineering team. The intelligence briefs are consumed by SOC lead, Investigators, and SOC Engineering Team for creating COA.

The job entails a market competitive salary package and lot of growth. You will dirrectly worked with a Top-notch retail and ecommerce Company in dubai who have 400 stores in UAE and more than 2000 employees