Key Responsibilities
- Maintain and tune Security Information and Event Management (SIEM) platforms, ensuring reliable log ingestion, correlation rules and alerting.
- Develop and manage Security Orchestration, Automation and Response (SOAR) playbooks to detect vulnerabilities, threats and automate remediation steps.
- Continuously monitor for intrusions, anomalous behavior and emerging threats—investigate and triage alerts in real time.
- Write and maintain detection scripts/rules (e.g. for log analysis, network traffic anomalies, endpoint indicators).
- Lead incident response activities: collect forensic data, analyze attack vectors, document breach impact and coordinate containment.
- Liaise with IT operations teams to ensure rapid mitigation of threats and tracking remediation within SLA.
- Produce regular management reports on security posture, incident trends, compliance status and key risk indicators.
- Collaborate with related stakeholders/partners to close cyber security risk identified during monitoring. Cooperate with Tech Risk to conduct cyber drill exercise
Job Specification
- Bachelor’s degree in Computer Science, Cybersecurity, Network Engineering or related technical field.
- 3+ years in a SecOps, SOC Analyst or similar role—experience in a banking or financial-services environment preferred.
- Prior experience in threat hunter is expected.
- Certifications such as CEH, GCIH, or Splunk/QRadar/Sentinel administrator certifications are a plus.
Technical & Functional Skills
- Proficient with SIEM platforms (e.g. Splunk, QRadar, Azure Sentinel) and SOAR tools (e.g. Palo Alto Cortex XSOAR, Demisto).
- Solid scripting ability (Python, PowerShell, Bash) to automate data collection, parsing and response workflows.
- Strong understanding of attack techniques, threat-hunting methodologies and incident-response frameworks (e.g. MITRE ATT&CK).
- Hands-on experience with endpoint detection & response (EDR), network IDS/IPS, and log management.
Personal skills
- Fast, analytical thinker with excellent troubleshooting skills.
- Strong sense of urgency and ownership when it comes to threat mitigation.
- Have collaborative, team works to work closely with others functions and external partners.
- Clear communicator, able to explain technical incidents in understandable summary for executive audiences.
Report job
