Group Specialist - Security Operations
Dubai, United Arab Emirates
DP World
DP World is a world leader in logistics management services. We ensure the future viability of global international trade and the prosperity of communities around the world.
KEY ACCOUNTABILITIES
· Lead the development, deployment and optimisation of Security Operations Centres (SOC), including SOAR implementation projects.
· Design and execute custom automation scripts and playbooks that streamline security operations workflows (detection, containment, response).
· Reduce MTTD/MTTR, improve recovery times and automate security event handling in multi-tenant environments.
· Collaborate with cross-functional teams to integrate SOAR with existing security tools and processes.
· Develop playbooks for incident response and ensure regular testing and updates.
· Develop and maintain SOC documentation, including Standard Operating Procedures (SOPs), Service Level Agreements (SLAs), and reporting templates to support consistent and efficient operations.
· Investigate, analyse, coordinate and report on all security events, incidents and intrusions; track incidents through analysis, correction and resolution.
· Analyse and integrate threat intelligence data in SIEM and SOAR to enhance detection capabilities and incident response.
· Leverage threat intelligence to build out and tune use cases for security monitoring and detection, and develop threat hunting tasks to detect suspicious activity.
· Stay current with emerging threats and vulnerabilities, integrating relevant intelligence into security practices.
· Create and maintain documentation for SIEM and SOAR configurations, procedures, and playbooks.
· Generate regular reports on security incidents, trends, and metrics for management review.
· Provide training and guidance to team members on SIEM and SOAR best practices.
· Document all incidents, investigations, and analysis activities accurately and thoroughly.
· Work with the different IT teams to troubleshoot and resolve security-related issues, and assist them in configuring log forwarding from their systems to the SIEM solution.
· Assist cross-functional teams with project-related activities, especially creating and reviewing detection use cases for new and existing systems, and coordinate with vendors to add or update use cases.
· Study vulnerabilities, identify relevant threats, recommend corrective actions and report results.
· Assist in reviewing deliverables from projects, implementations and health-check activities, and support any changes required to IT security monitoring plans.
· Conduct SOC maturity model assessments.
· Stay up to date with current tools, techniques and vulnerabilities and incorporate them into testing practices.
· Act as an ambassador for DP World at all times when working; promoting and demonstrating positive behaviours in harmony with DP World’s Principles, values and culture; ensuring the highest level of safety is applied in all activities; understanding and following DP World’s Code of Conduct and Ethics policies.
· Perform other related duties as assigned.
QUALIFICATIONS, EXPERIENCE AND SKILLS
Knowledge and Experience
· Bachelor’s Degree in Computer Science or equivalent
· 8-10 years of experience in IT security, with at least 6 years' experience analysing log data in support of intrusion analysis or information security operations.
· In-depth technical and hands-on knowledge and experience across cyber security and technology domains.
· Knowledge of current cyber threats, trends, attack lifecycle, and various Tactics, Techniques, and Procedures (TTPs)
· Strong understanding of the Cyber Kill Chain, pervasive threat attack methods and remediation.
· Strong hands-on experience with SIEM and SOAR solutions.
· Understanding of security frameworks and compliance regulations.
· Proficiency in scripting and templating languages (e.g., Python, PowerShell, Jinja) for automation.
· Excellent analytical and problem-solving skills, with the ability to communicate technical concepts to non-technical stakeholders.
· Industry-recognised professional certifications such as CISSP, GIAC, Fortinet NSE or Microsoft Azure certifications.
· A good understanding of e-commerce, logistics, supply chain and port operations applications is an added advantage.
· Detailed understanding of the MITRE ATT&CK framework and common attack vectors.
· Experience working in multi-tenant environments is preferred.
Soft Skills
· Excellent communication & analytical skills
· Program and Project management skills
· Time management skills
· Team player and conflict management skills
· Coaching / guiding skills
· Ability to adapt in a complex environment, enjoys challenges, and has the drive to learn new things independently
· Cultural awareness
Technical Skills
· Experience with two or more analysis tools used in a CIRT or similar investigative environment
· Ability to build content in SIEM and SOAR Solutions.
· Ability to analyse and triage IoCs.
· Strong knowledge of automation scripting with PowerShell and Python, and templating with Jinja.
· Hands-on experience with Microsoft Sentinel (formerly Azure Sentinel) SIEM and the FortiSOAR platform is desired.
· Experience with logs onboarding on SIEM solution.
· Experience with automated playbooks creation on SOAR Platform.
Perks/benefits: Team events