Location: Onsite – Qatar
EXP: 13+ yrs
Key Responsibilities
Monitoring and analysis of cyber security events with the use of (SIEM) and other tools.
SOAR experience to Design and configure automation and workbooks.
SIEM as MS sentinel and Q-radar and other tools use case management (alerts and reports) as per industry
best practices.
Monitor EDR to detect and investigate suspicious activities across all products.
Monitor shadow IT for external threats and data exfiltrate.
Provide analysis and trending of security log data from many heterogeneous IT security devices.
Continuous threat hunting and liaise with the relevant team in case suspected incident.
Provide threat and vulnerability analysis as well as security advisory services.
Analyze and respond to previously undisclosed software and hardware vulnerabilities.
Investigate, document, and report on Cybersecurity issues and emerging trends.
Review SOC Analyst ticket queue, review tickets, closure or reassignment as needed.
Create/review/modify documentation as needed, to include any process or procedure and thus ensure its up
to date and standard.
Provide analytical feedback on network traffic patterns.
Provide analytical feedback related to malware and other network threats.
Understand information security policies and best practices in environments.
Provide technical support within the Security Incident and Event Management team to assist in the
investigation and remediation of security incidents.
Escalate incident remediation changes with other business units, vendors, and customers, adhering to a
predefined ITIL change management framework.
Where necessary, liaise and work with Professional Services Engineers and Solutions Architects around
incident investigation and reporting.
Maintain detailed knowledge of the environment(s), where applicable, by maintaining and updating relevant
documentation such as Network Diagrams, Configuration and Asset Databases along with process and
procedural documentation.
Change management calendar updates/closures.
Monthly SOC Reports.
SOC White Board daily/weekly updates.
Conduct security assessments regularly to identify vulnerabilities and performing risk analysis.
Document incidents to contribute to incident response and disaster recovery plans.
In the case of third-party vendors, verify their security strength and collaborate with them.
Analysis of phishing emails reported by internal end users.
excellent understanding of application layer attacks, network level attacks, zero-day attacks etc.
Excellent understanding of kill chain, attack life cycle.
Perform other duties as requested to meet the ongoing organizational needs.
Skills & Requirements:
Requires Bachelor’s degrees in Computer/IT engineering or related field.
Professional Certifications – SOC Analyst (CSA, CompTIA CySA+ etc.), CEH.
SIEM Solution (Azure Sentinel, Q-Radar etc.).
Threat Intelligence and Threat Hunting.
English language skills (reading, speaking, writing, and listening).
Good communication skills and teamwork.