Develop and maintain SOC documentation, attack-based Standard Operating Procedures (SOP), SLAs and report templates to be used by Group Technology and regional Business Unit Technology teams.
Supervise the team of SOC analysts and act as L2 specialist for the cases escalated by the monitoring team.
Conduct threat-hunting activities using SIEM logs and other sources of intelligence to identify undetected threats. Leverage Threat Intelligence to build out and tune use cases for security monitoring and detection and develop security hunting tasks to detect suspicious activity.
Work with different IT teams to troubleshoot and resolve security-related issues and assist in configuring the logs to be forwarded from their respective systems to the centralized logging system.
Monitor the performance of security devices and take corrective actions for any threshold breaches.
Assist the global and regional IT teams in project-related activities such as creating or reviewing the use cases for any new/existing systems and coordinate with vendors to add/update the use cases.
Assist in reviewing deliverables from projects, implementation, and health check activities and introduce any potential changes required to IT security monitoring plans.
Study vulnerabilities, identify relevant threats, corrective actions/recommendations, and report results. Stay up to date in current tools, techniques, and vulnerabilities to incorporate into monitoring plans.
Conduct SOC Maturity Model assessment for the Group Technology and regional business units.
OTHER
Act as an ambassador for DP World at all times when working; promoting and demonstrating positive behaviours in harmony with DP World’s Principles, values and culture; ensuring the highest level of safety is applied in all activities; understanding and following DP World’s Code of Conduct and Ethics policies.
Perform other related duties as assigned.
QUALIFICATIONS, EXPERIENCE AND SKILLS
Knowledge and Experience
Bachelor’s Degree in Computer Science or equivalent.
Should have 10+ years of experience in IT Security with at least 6 years of experience in an L2 role within a security operations center.
In-depth technical and hands-on knowledge and experience across Cyber Security and Technology domains.
Strong understanding of the Cyber Kill Chain, pervasive threats attack methods and remediation.
Knowledge of current cyber threats, trends, attack lifecycle, and various Tactics, Techniques, and Procedures (TTPs).
Detailed understanding of MITRE framework and common attack vectors.
Industry recognized professional certifications such as GCIH, Security+, CEH are preferable.
Good understanding in E-commerce, logistics, supply chain & port operations applications will be an added advantage.
Experience in working with Multinational Companies (MNC) is preferable.
Soft Skills
Excellent analytical skills.
Excellent verbal and written communication.
Program and Project management skills.
Time management skills.
Team player and conflict management skills.
Ability to adapt in a complex environment, loves challenges, with the will and drive to learn new things on his/her own.
Cultural awareness.
Technical Skills
Hands-on experience with managing well known on-prem & cloud SIEM solutions on public/private clouds like AWS, Azure, etc.
Experience of implementing and managing SOAR platform.
Experience with two or more analysis tools used in a CIRT or similar investigative environment.
Ability to build content in SIEM system.
Ability to analyse and triage IoCs.
Ability to perform in-depth research tasks and produce written summaries covering insights and predictions based on an analytical process.
