Sr. SOC Engineering Specialist

• Degree holder in Information Security, IT, Computer Science or other related disciplines
• Overall IT relevant experience of minimum 7 years, in a combination of multi-disciplinary IT/Security Operations and cyber security
• Experience in working for a demanding security operations Centre with multiple tracks.
• Proficient in cyber security and technology risk management
• Good knowledge and understanding of Vulnerability Management and Penetration Testing
• Knowledge in OWASP and common attack vectors in different platforms (Windows, Linux, Network, etc)
• Knowledgeable in TCP/IP, Linux/UNIX System Administration, DNS server and Windows System Administration
• Experience in working with Cloud and vendors risk assessment.
• Experience and understanding of IT operations and processes.
• Knowledge of Security Standards and Frameworks including MITRE & ATT&CK, ISO 27001:2013, NIST, PCI-DSS, Data Protection etc., cyber security threats, tools and best practices
• Experience and knowledge of Microsoft Sentinel Kusto Query Language (KQL)
• Experience and knowledge of cloud & network security is preferred
• Experience in supporting or managing Security projects or Risk Management programs
• Experience in working with managing external vendor supporting SOC

Core Responsibilities:
1. Perform accurate and precise real-time analysis and correlation of logs/alerts from a multitude of client devices with a focus on the determination of whether said events constitute security incidents.
2. Hands-on experience in the setup and writing of SIEM & SOAR correlation rules.
3. Enhance and fine-tune threat detection scenarios and strategies.
4. Research and analyse the latest attacker tactics and implement proactive security measures.
5. Establish new and maintain existing security operation guidelines, procedures, and playbooks.
6. Responsible, interpreting, conducting analysis and making recommendations for resolution from security logs sources and alerts from the (SIEM, IAM, CASB, EDR, SEG & other security tools) and other threat detection systems for threats activity from our managed services Security Operations Centre (SOC).
7. Report incident statistics through SIEM platform and provide analysis of incidents.
8. Ability to explain the risks of security threats and devise mitigations.
9. Familiarity with various SIEM platforms such as Splunk, Elastic, Microsoft Sentinel, etc.
10. Act as team and responsible for cyber security incidents arising (e.g. for end-point devices such as laptops, desktops, servers, firewalls, routers, O365, SEG, security devices, etc), including those escalated by Security Operations Centre (SOC). This involves following up with the respective end users and IT personnel to ensure incidents are effectively closed.
11. Representing Group-level IT Security COE across IT teams at key cross-team projects/Initiatives and managing Group-level IT Security project plan, schedule, issue/dependency tracking and security check on Pre and Go-Live.
12. Maintain Security Hardening Standard: creating secured configuration standards for new platform/technology, and enhancements of overall existing standards.
13. Facilitate security request on firewall, email, etc whitelisting review & approval.
14. Prepare regular cyber security status reports for submission to Leadership team.
15. Review and analyse the vulnerability based on CVE & CVSS industry standards; identify the impact and asses the risk of exploitability and provide recommendation to prioritize the implementation especially those High & Medium risks to the relevant stakeholders.
16. Provide advice to IT/End users and managing the cyber security policies, procedures and best practices.
17. Perform periodic review on Privilege accounts & other Security owned accounts.
18. Communicate cyber security advisories to IT/End users.
19. Any other duties as required by the company