Job Description:
1. Security Monitoring & Incident Response:
- Monitor security alerts and events from SIEM, EDR, and other security tools.
- Investigate and triage security incidents, including malware, phishing, and unauthorized access attempts.
- Perform root cause analysis and recommend remediation actions.
- Escalate incidents based on severity and impact.
2. Threat Detection & Analysis:
- Analyze logs from servers, endpoints, network devices, and applications.
- Identify anomalies and potential threats using correlation rules and use cases.
- Support threat hunting activities to proactively detect hidden threats.
3. Security Tools & Technologies:
- Manage and optimize tools such as SIEM (e.g., Splunk), EDR, IAM, and vulnerability scanners.
- Assist in fine-tuning detection rules and reducing false positives.
- Support integration of new security technologies.
4. Vulnerability & Risk Management:
- Conduct vulnerability assessments and track remediation efforts.
- Work with system owners to address identified risks.
- Support risk assessments, especially for legacy systems and exceptions.
5. Compliance & Governance:
- Ensure adherence to security policies, standards, and baseline configurations.
- Support audits (internal/external), including evidence gathering and documentation.
- Assist in maintaining compliance with regulatory frameworks (e.g., ISO 27001, MAS TRM, NIST).
6. Configuration & Change Monitoring:
- Monitor critical system configuration changes.
- Validate compliance with hardening baselines across environments.
- Identify and report deviations with proper risk tracking.
7. Reporting & Documentation:
- Prepare incident reports, dashboards, and security metrics.
- Document playbooks, procedures, and use cases.
- Provide regular updates to stakeholders on security posture.
Requirements:
- Bachelor's degree in Cybersecurity, Information Technology, or related field.
- 4-10 years of experience in a Security Operations or similar role.
- Experience in regulated environments (e.g., financial services).
- Exposure to audit and compliance processes.
Technical Skills:
- Experience with SIEM tools (e.g., Splunk).
- Knowledge of Windows/Linux systems and Active Directory environments.
- Understanding of network security concepts (firewalls, IDS/IPS, VPNs).
- Familiarity with endpoint security and identity access management.
- Basic scripting skills (e.g., Python, PowerShell) are a plus.
Security Knowledge:
Understanding of:
- Threat landscape and attack vectors.
- Security frameworks and standards.
- Incident response methodologies.
- Vulnerability management processes.
Soft Skills:
- Strong analytical and problem-solving skills.
- Good communication and stakeholder management.
- Ability to work under pressure in incident scenarios.
- Detail-oriented with strong documentation skills.
Preferred Skills and Experience:
- Certifications such as CompTIA Security+, CEH, GIAC, CISSP (for more senior candidates).