
Job Description

Specialist, SOC (Service Delivery)


Entity: Aga Khan University


Location: Karachi


Introduction to the Aga Khan University:


The Aga Khan University is a private, international university committed to international standards of excellence in teaching, research and service. Its teaching hospital, the Aga Khan University Hospital has been accredited by the prestigious Joint Commission International for achieving the highest international healthcare standards.


Job Role / Responsibilities:


Reporting to the Manager, Information Technology, you are expected to be a highly motivated and energetic individual who supports our Security Operations Centre (SOC). This role thrives on delivering a consistently high level of service, monitoring multiple feeds in a 24/7 environment to immediately detect, verify, and respond swiftly to cyber threats, e.g. vulnerability exploitation, malware, cyber-attacks, etc. The incumbent will extensively monitor the global ICT infrastructure of the institution through various tools such as SIEM, EDR, Azure ATP, next generation firewalls, etc.


You will also be required to carry out host forensics, network forensics, log analysis, and malware triage in support of incident response investigations.


You will be working collaboratively with multiple teams including Systems, Networks, managed SOC, etc. You will serve as an SME within ICT Service Delivery to hunt and mitigate cyber threats, perform threat intelligence analysis, and implement and continuously improve technology and processes to enhance SOC monitoring, investigation, and response capabilities.


You must be experienced with NIDS/HIPS/EDR infrastructure and tools, and with protocol analysis and its tools. You must have extensive working knowledge of Windows and Linux, malware operation and indicators, networking fundamentals (TCP/IP, network layers, Ethernet, ARP, etc.), firewalls, the current cyber threat landscape (e.g. threat actors, APT, cybercrime, etc.), Data Loss Prevention monitoring, penetration techniques, and DDoS mitigation techniques. You will establish standard policies, prepare support documentation, and provide training to team members. This person will respond to service requests and request fulfilment on a regular basis while managing projects concurrently.


Specifically, you will be responsible for:


  • administering the Security Operations Centre (SOC) operations - effectively managing SOC activities
  • ICT systems and network administration expertise - taking necessary technical steps immediately to mitigate active threats on servers, clients, network devices, etc.
  • designing and implementing new innovations - identifying gaps in the existing IT operations environment and developing innovative solutions to enhance the system
  • communication and knowledge sharing amongst IT staff
  • ensuring self and team growth through training.

Eligibility Criteria / Requirements:


  • Bachelor’s Degree in Computer Science/Engineering
  • minimum 5 years relevant experience of IT infrastructure, systems, networks, and systems/networks security operations
  • participated in the implementation of Information Security program in a large-scale environment
  • have strong hands-on experience on Microsoft Windows Servers (2008/2012/2016/2019), client OS (Windows 7/Windows 10), CentOS & Red Hat, Active Directory, DNS, Windows Defender, Azure, etc.
  • be experienced in at least one of the SIEM solutions like IBM QRadar, Microsoft Azure Sentinel, Splunk, LogRhythm, etc.
  • experience with EDR, XDR, Network switches and next generation firewall
  • expertise in security and vulnerability assessment and in remediation/hardening of server and client operating systems and applications (Active Directory, DNS, Exchange Server, IIS/web services, etc.)
  • hands-on experience in dealing with APT campaigns, attack Tactics, Techniques and Procedures (TTPs), memory injection techniques, malware analysis and malware persistence mechanisms
  • experienced in analyzing malware, identifying Indicators of Compromise (IOCs) and TTPs of various threat actors through the analysis of email, malware, endpoint, network, etc.
  • in-depth knowledge of security issues inherent in corporate environments, e.g. phishing, DDoS attacks, malware, ransomware, etc.
  • resources are required to work in rotational shifts to cover 24/7/365 SOC operations
  • technical, managerial, analytical, interpersonal and organizational skills required
  • ability to communicate in an understandable, polite, and friendly manner, both written and verbal
  • ability to work well with others, as well as independently
  • strong organizational skills and ability to multi-task in a business environment
  • ability to establish and maintain effective relationships with co-workers and customers to gain their trust and respect
  • ability to professionally deal with difficult people or situations
  • ability to pick up technical concepts quickly and learn new skills and knowledge
  • experience working within large and complex technical environments.

Job Details

Job Location
Karachi Pakistan
Company Industry
Other Business Support Services
Company Type
Unspecified
Employment Type
Unspecified
Monthly Salary Range
Unspecified
Number of Vacancies
Unspecified