Job Summary
Key Responsibilities
Skill Requirements
Mandatory Skills

SOC Operation Leadership
• Own daily SOC operations, ensuring continuous monitoring, triage, investigation, and response across all environments.
• Define and enforce the SOC operating model (tiers, shift model, handovers, runbooks, playbooks, escalation matrix).
• Establish and track KPIs/SLAs (MTTD, MTTR, false positive rate, detection coverage, case backlog, use-case health).
• Drive operational excellence: backlog management, case quality reviews, post-incident reviews, and continuous improvement.
• Able to plan, build, and run the SOC tooling from scratch; hands-on SIEM migration experience is required.
• Prior experience handling audits such as ISO 27001, and able to create a roadmap for closing audit gaps in a time-bound manner.

SIEM & Detection Engineering
• Administer and maintain SIEM platform health (parsers, ingestion pipelines, data models, indexing, retention, performance).
• Onboard and normalize log sources (network, endpoint, identity, cloud, application) to meet coverage targets.
• Design, tune, and maintain detections (rules, correlations, ML/UEBA) aligned to MITRE ATT&CK and threat scenarios.
• Develop and maintain dashboards, metrics, use-case catalogs, and detection lifecycle management processes.

Incident Handling & Response
• Lead incident response from validation through containment, eradication, recovery, and lessons learned.
• Coordinate cross-functional responders (IT ops, network, application, legal/IR) and manage stakeholder communications.
• Prepare and maintain IR plans, playbooks, communications templates, and evidence handling procedures.
• Conduct root-cause analysis and drive corrective actions to prevent recurrence.

Threat Hunting & Intelligence
• Run proactive hunts across SIEM/EDR/identity telemetry based on TTPs, IOCs, and hypothesis-driven scenarios.
• Operationalize internal/external threat intelligence and OSINT to improve detections and coverage.
Stakeholder Communication
• Provide timely, clear communication during incidents; prepare executive summaries and after-action reports.
• Partner with IT Ops, Network, Application, and Business stakeholders to balance risk, speed, and user impact.

Add-on Skills

Network Security (Hands-on)
• Configure and troubleshoot firewalls, IDS/IPS, WAF, VPN, proxies, NAC, and network telemetry integrations to the SIEM.
• Monitor east-west and north-south traffic, segment networks, and enforce secure configurations and policy baselines.

Endpoint Security (Hands-on)
• Administer and tune EDR/XDR platforms (e.g., Microsoft Defender for Endpoint, CrowdStrike) for high detection efficacy.
• Ensure endpoint hardening, policy compliance, isolation workflows, and automated containment actions as appropriate.

Vulnerability Management
• Own the vulnerability lifecycle with IT teams: scanning (Qualys/Tenable/Rapid7), prioritization (CVSS/KEV/business context), remediation, and verification.
• Track remediation SLAs, report risk posture trends, and drive improvements to patching and configuration baselines.

Cloud & Identity Security
• Integrate cloud telemetry (Azure/M365, AWS, GCP) and identity sources (AD/AAD/IdP) into the SIEM with strong detections.
• Work with cloud and IAM teams on conditional access, MFA, privileged access monitoring, and identity threat detections.

Governance, Risk & Compliance
• Align SOC processes with frameworks/standards (ISO 27001, NIST CSF/800-61, MITRE ATT&CK).
• Support audits, evidence collection, control testing, and policy/procedure updates.
Other Requirements
Qualifications & Experience
• Bachelor's degree in Computer Science, Information Security, Engineering, or equivalent experience.
• 12-15 years in Security Operations with 5+ years leading SOC teams or major incident response programs.
• Expert-level hands-on experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, LogRhythm, QRadar), including administration and detection engineering.
• Strong incident handling expertise across containment, eradication, recovery, and lessons learned.
• Demonstrated experience with EDR/XDR, SOAR automation/orchestration, and case management tools.
• Hands-on network security knowledge (firewalls, IDS/IPS, WAF, VPN, proxies, NAC) and packet/log analysis.
• Vulnerability management lifecycle experience using enterprise scanners and remediation governance.
• Experience integrating cloud and identity telemetry; familiarity with Azure/M365 security preferred.
• Knowledge of frameworks and models: MITRE ATT&CK, NIST 800-61 IR, NIST CSF, ISO 27001.
• Excellent communication, stakeholder management, and executive reporting skills.
• Audit participation experience is a must.

Preferred Certifications
• CompTIA Security+
• SIEM/EDR vendor certifications (e.g., Splunk, Microsoft, CrowdStrike).
• Incident response/forensics (e.g., GCFA, GNFA, GCIH).
• Cloud security (e.g., AZ-500, SC-200, CCSP).
• Network security (e.g., NSE, PCNSA/PCNSE, CCNP Security).

Tools & Platforms (indicative)
• SIEM: Splunk, Microsoft Sentinel, LogRhythm, QRadar
• EDR/XDR: Microsoft Defender for Endpoint, CrowdStrike, SentinelOne
• SOAR: Splunk SOAR, Cortex XSOAR, Sentinel playbooks/Logic Apps
• Vulnerability: Qualys, Tenable, Rapid7
• Network: Palo Alto, Fortinet, Cisco, F5/WAF, Zscaler/Proxies

KPIs & SLAs
• Mean Time to Detect (MTTD) and Mean Time to Respond/Recover (MTTR).
• False positive rate and alert quality index.
• Detection/use-case coverage (% of prioritized threat scenarios).
• Log source coverage and health (% of critical sources onboarded and healthy).
• Vulnerability remediation SLA compliance and risk reduction trends.

Job Description

Job Title: SOC Section Manager [IT Security & Infrastructure]
Name of Job Owner: [First name + Last name]
Personnel Number: [Personnel Number]
Cost Centre: [Cost Centre]
Organisational Unit: Corporate
Department: Information Technology
Represents: [Role] - [First name + Last name]
Represented by: [Role] - [First name + Last name]
Disciplinary Superior: [Superior role] - [First name + Last name]
Functional Superior: [Superior role] - [First name + Last name]

Summary of Position: substantial / major Tasks:
The SIEM & SOC Senior Specialist will be responsible for leading the migration of the SIEM platform from the existing environment to a new solution. This role involves designing and developing new detection use cases, optimizing and refining them prior to deployment, and ensuring seamless onboarding into the new platform. The specialist will also establish new operational processes, enhance and modify existing procedures as required, and drive adherence to security and compliance standards, ensuring achievement of a 100% compliance score.

Major Tasks / Activities (What the position does) | Expected Outcome (Why is it done)
Engage with key users to understand business needs, challenges, and goals. Support in developing (technology) solutions on domain level aligned with organizational objectives. | Defined, aligned, and communicated domain level strategy, roadmap, and processes.
Define domain related process