
SOC Engineer

Employer Active

1 Vacancy
Jobs by Experience

Not Mentioned years

Job Location

Cairo - Egypt

Salary

Not Disclosed

Nationality

Egyptian

Gender

Male

Vacancy

1 Vacancy

Job Description

Roles and responsibilities

  • Manage, verify, validate and tune data collection for log continuity, and act to resolve any log continuity problem so that incidents are identified and alerted; maintain the integrity and availability of all collected logs and monitor the heartbeat of every log source
  • Configure and manage performance and capacity monitoring and tuning of SOC technologies to maintain operational readiness
  • Gather technical data and review security policy and configuration to keep the overall Security Operations Center (SOC) infrastructure up to date and efficient, in order to maintain the Service Level Agreement (SLA)
  • Manage user access, including user and group permission updates, for all SOC infrastructure solutions to ensure the confidentiality of the logs and collected data
  • Generate system performance reports as required by SOC management, in alignment with SOC governance, for use in further analysis
  • Maintain the hardening of SOC tools and technologies to mitigate known vulnerabilities on the different platforms
  • Administer and maintain the File Integrity Monitoring solution to identify unauthorised changes to files across systems and platforms, and deploy its software agents across the infrastructure
  • Administer and maintain the Database Monitoring solution to identify unauthorised access to, or changes in, all monitored databases
  • Administer and maintain the Firewall Monitoring solution to identify unauthorised or weak access policies on all integrated firewalls
  • Integrate and maintain network traffic, security events and logs from Intrusion Detection/Prevention Systems (IDS/IPS), firewalls and next-generation firewalls, email security gateways, file integrity monitoring, database monitoring, proxy solutions, Windows event logs, AIX/Linux system logs, application logs, endpoint security solutions and data leakage prevention solutions, to improve data correlation and identify complex security incidents and threats; implement and integrate new security tools and systems in support of SOC needs
  • Deploy and tune SIEM use cases and rules to reduce false positives on identified threats
  • Maintain out-of-the-box and custom SIEM connectors to ensure proper log collection, normalisation, parsing, filtering, field mapping and forwarding of event logs, and maintain the scripts developed to automate SIEM log collection
  • Manage the SIEM online log and archive solution for log retention and compliance; integrate SOC log sources by deploying SIEM log collectors and develop scripts to automate SIEM log collection
  • Follow all relevant department policies, processes, standard operating procedures and instructions so that work is carried out in a controlled and consistent manner
  • Follow the day-to-day operations related to own job to ensure continuity of work

Desired candidate profile

  • Bachelor's degree in Engineering, Computer Science or equivalent
  • Minimum 0 - 2 years of experience in IT Security and related disciplines
  • Security engineering experience in mid-sized to large organizations, with emphasis on security operations, incident management, intrusion detection, firewall deployment and security event analysis
  • Experience in the following security technologies:
    • Host and perimeter firewalls / next-generation firewalls
    • Host and network intrusion detection concepts
    • Logging and monitoring tools
    • Antivirus or endpoint security (EPP)
    • Data loss prevention (DLP)
    • Privileged access management (PAM)
    • Endpoint Detection and Response (EDR)
    • Security Orchestration, Automation and Response (SOAR)
    • Identity and access management (IAM)
    • Database access monitoring (DAM)
    • NetFlow/sFlow
    • Vulnerability scanning
    • Network full packet capture
  • Recommended certifications:
    • SIEM vendor-related certificates
    • GIAC Information Security Fundamentals
    • CCNP Security

Skills:

  • Very good command of English and Arabic
  • Good communication skills
  • Good analytical skills

Employment Type

Full-time

Department / Functional Area

Engineering
