الوصف الوظيفي
Position Overview: We are seeking a Cyber Security Operations Engineer with a strong background in security operations, threat detection, and incident response. The ideal candidate will have experience with advanced security technologies, including SIEM, SOAR, EDR, XDR, NDR, and more, to help defend against cyber threats and ensure the security of our digital assets. This role requires hands-on expertise with security tools such as McAfee ePO, Antivirus, EPP, DLP, and Data Classification technologies.As a Cyber Security Operations Engineer, you will play a critical role in monitoring, detecting, and responding to security incidents, working closely with other security teams and stakeholders to protect the organization's infrastructure.Key Responsibilities:Security Monitoring & Incident Detection:Monitor security alerts and data from various security platforms (e.g., SIEM, NDR, EDR, XDR) to detect and respond to potential threats.Utilize SIEM tools (e.g., Splunk, ArcSight, QRadar) to aggregate, analyze, and correlate logs and events for threat detection and incident investigation.Incident Response & Mitigation:Lead or participate in incident response activities, including analysis, containment, eradication, and recovery.Use SOAR platforms (e.g., Demisto, Phantom, Swimlane) to automate and orchestrate incident response workflows.Investigate security incidents across endpoints, networks, and applications and provide recommendations for remediation.Threat Intelligence & Tuning:Leverage threat intelligence feeds and integrate them with SIEM/XDR platforms to enhance detection capabilities.Continuously tune and optimize security tools to improve detection and response times, minimizing false positives.Security Tool Management & Optimization:Manage and fine-tune the configuration of security tools, including McAfee ePO, Antivirus, EPP (Endpoint Protection Platform), and DLP (Data Loss Prevention) solutions.Support the implementation and maintenance of network and endpoint security solutions (EDR, NDR, XDR).Data Protection & Classification:Ensure data security policies are enforced using Data Loss Prevention (DLP) tools and data classification frameworks.Implement and enforce best practices for protecting sensitive and confidential data, adhering to internal and external compliance requirements.Vulnerability Management:Work with vulnerability management teams to identify, assess, and remediate security weaknesses across the enterprise infrastructure.Conduct regular assessments to ensure endpoint protection and security tools are up to date and fully operational.Collaboration & Reporting:Work closely with IT, Network, and Development teams to ensure security measures are incorporated into the infrastructure and applications.Provide regular reports to management on security incidents, trends, and improvements to the security posture.Security Awareness & Training:Assist in creating and delivering security awareness training for employees, ensuring that security protocols and best practices are understood and followed.Compliance & Documentation:Maintain documentation of security incidents, investigations, and system configurations in accordance with compliance and audit standards.Assist in compliance efforts for relevant security frameworks and regulations (e.g., GDPR, HIPAA, PCI-DSS).RequirementsEducation:Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field, or equivalent work experience.Required experience:3-5 years of experience in security operations or a related field, with hands-on experience using a variety of security technologies and tools.Technical Skills:Security Tools: Extensive experience with SIEM platforms (e.g., Splunk, QRadar, ArcSight), SOAR (e.g., Demisto, FortiSoar), EDR (e.g., CrowdStrike, Cybereason, Carbon Black), XDR, NDR, EPP, DLP, and Data Classification tools.Endpoint Security: Familiarity with McAfee ePO, Antivirus solutions, and endpoint protection tools.Network Security: Experience with network security technologies, firewalls, IDS/IPS, and NDR platforms.Scripting & Automation: Experience with scripting languages (e.g., Python, PowerShell) to automate security workflows and incident response processes.Threat Intelligence & Analysis: Ability to consume and integrate threat intelligence into security operations tools.Cloud Security: Familiarity with cloud platforms (AWS, Azure, GCP) and security considerations for cloud infrastructure.Certifications (Preferred):Certified Information Systems Security Professional (CISSP)Certified Ethical Hacker (CEH)GIAC Security Operations Certified (GSOC)Certified Incident Handler (GCIH)CompTIA Security+ or equivalentKey Skills & Attributes:Strong analytical skills with the ability to triage and investigate security events.In-depth understanding of security operations, incident response, and risk management.Strong troubleshooting skills and ability to think critically under pressure.Excellent communication skills, including the ability to explain complex technical concepts to non-technical stakeholders.Proactive and collaborative mindset, able to work effectively across multiple teams.A deep understanding of emerging security threats and trends, with a passion for continuous learning.