· Proven experience in leading the development, deployment, and optimization of Security Operations Centres (SOC), including SOAR implementation projects.
· Strong expertise in designing and executing custom automation scripts and playbooks to streamline security operations workflows (detection, containment, response).
· Proven ability to reduce MTTD/MTTR, improve recovery times, and automate security event handling in multi-tenant environments.
· Collaborate with cross-functional teams to integrate SOAR with existing security tools and processes.
· Develop playbooks for incident response and ensure regular testing and updates.
· Develop and maintain SOC documentation, including Standard Operating Procedures (SOPs), Service Level Agreements (SLAs), and reporting templates to support consistent and efficient operations.
· Investigate, analyse, coordinate, and report on all security events, incidents and intrusions; track incidents through analysis, correction and resolution.
· Analyse and integrate threat intelligence data in SIEM and SOAR to enhance detection capabilities and incident response.
· Leverage threat intelligence to build out and tune use cases for security monitoring and detection, and develop threat hunting tasks to detect suspicious activity.
· Stay current with emerging threats and vulnerabilities, integrating relevant intelligence into security practices.
· Create and maintain documentation for SIEM and SOAR configurations, procedures, and playbooks.
· Generate regular reports on security incidents, trends, and metrics for management review.
· Provide training and guidance to team members on SIEM and SOAR best practices.
· Document all incidents, investigations, and analysis activities accurately and thoroughly.
· Work with different IT teams to troubleshoot and resolve security-related issues and assist in configuring the logs to be forwarded from their respective systems to SIEM solution.
· Assist the cross-functional teams in project-related activities, especially in creating/reviewing the use cases for any new/existing systems, and coordinate with vendors to add/update the use cases.
· Study vulnerabilities, identify relevant threats, recommend corrective actions and report results.
· Assist in reviewing deliverables from projects, implementation, and health check activities and support any potential changes required to IT Security monitoring plans.
· Conduct SOC Maturity Model assessment.
· Stay up to date with current tools, techniques, and vulnerabilities to incorporate into testing practices.
· Act as an ambassador for DP World at all times when working; promoting and demonstrating positive behaviours in harmony with DP World’s Principles, values and culture; ensuring the highest level of safety is applied in all activities; understanding and following DP World’s Code of Conduct and Ethics policies.
· Perform other related duties as assigned.
QUALIFICATIONS, EXPERIENCE AND SKILLS
Knowledge and Experience:
· Bachelor’s Degree in Computer Science or equivalent.
· Should have 8-10 years of experience in IT Security with at least 6 years’ experience in conducting analysis of log data in support of intrusion analysis or information security operations.
· In-depth technical and hands-on knowledge and experience across cyber security and technology domains.
· Knowledge of current cyber threats, trends, attack lifecycle, and various Tactics, Techniques, and Procedures (TTPs).
· Strong understanding of the Cyber Kill Chain, pervasive threats attack methods and remediation.
· Strong hands-on experience with SIEM and SOAR solutions.
· Understanding of security frameworks and compliance regulations.
· Proficiency in scripting languages (e.g., Python, PowerShell, Jinja) for automation purposes.
· Excellent analytical and problem-solving skills, with the ability to communicate technical concepts to non-technical stakeholders.
· Industry-recognized professional certifications such as CISSP, GIAC, NSE or Microsoft Azure.
· Good understanding of e-commerce, logistics, supply chain and port operations applications will be an added advantage.
· Detailed understanding of MITRE framework and common attack vectors.
· Experience working in a multi-tenant environment is preferable.