SOC Specialist (Vendor)

Irancell Tehran

Posted 3 days ago

Job Description

  • To ensure continuity of 24/7/365 security services across the company while overseeing security event monitoring, management, and response.
  • To perform ongoing review and tuning of SIEM scenarios to detect new and additional threats and improve detection quality.
  • To ensure incident identification, assessment, quantification, reporting, communication, and mitigation while confirming SLA compliance, process adherence, and process improvement to achieve operational objectives.
  • To ensure daily management, administration, and maintenance of security devices under the purview of the SOC which consists of state-of-the-art technologies.
  • To perform threat hunting, threat management, and threat modeling, identify threat vectors, and develop use cases for security monitoring.
  • To be responsible for overseeing the integration of standard and non-standard logs in SIEM and reviewing/revising the processes to strengthen security operations.
  • To gather evidence, evaluate risk, and deliver a plan to respond to contain and remove security threats as quickly and safely as possible.
  • To verify discovered vulnerabilities according to metrics; correlate and collate the information; apply treatment and hardening and create intelligence reports that communicate the results of the analyses to management and related stakeholders.
  • To build and maintain positive working relationships with stakeholders including cooperating with CRA and FATA Police to meet their requirements.
  • To define, develop, and review key security performance indicators that ensure service delivery and service improvements.
  • To implement and continually improve digital forensics capability, tools, and processes.
  • To develop and revise processes to strengthen the current Security Operations framework, review policies, and highlight the challenges.
  • To educate ITS/NWG/ICS on the importance of security monitoring and the need to improve log collection.
  • To expand, tune, and health check cyber defense tools and technologies (NBA, EDR, XDR, DAM, SOAR, etc.).
  • To liaise with ITS, NWG, and IFM teams to define new scenarios to detect unauthorized and malicious activities.