Group Specialist

DP World

Group Specialist Jobs in Dubai, UAE

 

Job Description

KEY ACCOUNTABILITIES

· Proven experience in leading the development, deployment, and optimization of Security Operations Centres (SOC), including the SOAR implementation projects.

· Strong expertise in designing and executing custom automation scripts and playbooks to streamline security operations workflows (detection, containment, response).

· Proven ability to reduce MTTD/MTTR, improve recovery times, and automate security event handling in multi-tenant environments.

· Collaborate with cross-functional teams to integrate SOAR with existing security tools and processes.

· Develop playbooks for incident response and ensure regular testing and updates.

· Develop and maintain SOC documentation, including Standard Operating Procedures (SOPs), Service Level Agreements (SLAs), and reporting templates to support consistent and efficient operations.

· Investigate, analyse, coordinate, and report on all security events, incidents and intrusions; track incidents through analysis, correction and resolution

· Analyse and integrate threat intelligence data in SIEM and SOAR to enhance detection capabilities and incident response.

· Leverage threat intelligence to build out and tune use cases for security monitoring and detection, and develop security hunting tasks to detect suspicious activity.

· Stay current with emerging threats and vulnerabilities, integrating relevant intelligence into security practices.

· Create and maintain documentation for SIEM and SOAR configurations, procedures, and playbooks.

· Generate regular reports on security incidents, trends, and metrics for management review.

· Provide training and guidance to team members on SIEM and SOAR best practices.

· Document all incidents, investigations, and analysis activities accurately and thoroughly.

· Work with different IT teams to troubleshoot and resolve security-related issues and assist in configuring the logs to be forwarded from their respective systems to the SIEM solution.

· Assist cross-functional teams in project-related activities, especially in creating/reviewing the use cases for any new/existing systems, and coordinate with vendors to add/update the use cases.

· Study vulnerabilities, identify relevant threats, recommend corrective actions and report results.

· Assist in reviewing deliverables from projects, implementation, and health check activities and support any potential changes required to IT Security monitoring plans.

· Conduct SOC Maturity Model assessment.

· Stay up to date in current tools, techniques, and vulnerabilities to incorporate into testing practices

· Act as an ambassador for DP World at all times when working; promoting and demonstrating positive behaviours in harmony with DP World’s Principles, values and culture; ensuring the highest level of safety is applied in all activities; understanding and following DP World’s Code of Conduct and Ethics policies.

· Perform other related duties as assigned.

 

QUALIFICATIONS, EXPERIENCE AND SKILLS

Knowledge and Experience

· Bachelor’s Degree in Computer Science or equivalent

· Should have 8-10 years of experience in IT Security with at least 6 years’ experience in conducting analysis of log data in support of intrusion analysis or information security operations

· In-depth Technical and hands-on knowledge and experience across Cyber Security and technology domains

· Knowledge of current cyber threats, trends, attack lifecycle, and various Tactics, Techniques, and Procedures (TTPs)

· Strong understanding of the Cyber Kill Chain, pervasive threats, attack methods and remediation.

· Strong hands-on experience with SIEM and SOAR solutions.

· Understanding of security frameworks and compliance regulations.

· Proficiency in scripting languages (e.g., Python, PowerShell, Jinja) for automation purposes.

· Excellent analytical and problem-solving skills, with the ability to communicate technical concepts to non-technical stakeholders.

· Industry-recognized professional certifications: CISSP, GIAC, NSE or Microsoft Azure.

· A good understanding of e-commerce, logistics, supply chain and port operations applications will be an added advantage.

· Detailed understanding of the MITRE framework and common attack vectors.

· Experience working in multi-tenant environments is preferable.

Soft Skills 

· Excellent communication & analytical skills

· Program and Project management skills

· Time management skills

· Team player and conflict management skills

· Coaching / guiding skills

· Ability to adapt in a complex environment, loves challenges, with the will and drive to learn new things on his/her own

· Cultural awareness

Technical Skills

· Experience with two or more analysis tools used in a CIRT or similar investigative environment

· Ability to build content in SIEM and SOAR Solutions.

· Ability to analyse and triage IoCs.

· Strong knowledge of automation scripts using PowerShell, Python and Jinja

· Hands-on experience with Azure Sentinel SIEM Solution and FortiSOAR platform is desired.

· Experience with onboarding logs to a SIEM solution.

· Experience with creating automated playbooks on a SOAR platform.

· Knowledge of current cyber threats, trends, attack lifecycle, and various Tactics, Techniques, and Procedures (TTPs).

To apply for this job please visit ehpv.fa.em2.oraclecloud.com.

About Munawer

Munawer is a highly skilled news content writer, SEO and online marketing expert, dedicated to the success of freshgulfjob.com. With his in-depth knowledge of the job market, search engine optimization, targeted online campaigns, and data-driven strategies, he plays a pivotal role in enhancing the platform's visibility and user engagement.
