Soc Analyst job at CRDB

Job Purpose

This role is to support in ensuring that the company information is protected, in accordance with the needs of the business and according to Information Security principles of availability, integrity and confidentiality.

The purpose of the Security Operation Center is to bring the Bank’s information security risks under explicit management control through implementation of controls and close monitoring.

This role also supports the technical implementation of the Security Incident and Event Management (SIEM) toolset.

Principal Responsibilities

  • Perform deep-dive investigations into complex security incidents escalated by Level 1 analysts to determine root cause and scope of impact.
  • Serve as the primary Incident Handler, executing containment, eradication, and recovery procedures during active security breaches.
  • Ensure quality control of the triage process by reviewing L1 annotations and validating alert classification and documentation.
  • Support fraud monitoring and investigation activities, identify patterns of fraudulent behavior, and coordinate with financial crime units.
  • Integrate standard and non-standard logs into SIEM and central log management solutions to ensure full visibility.
  • Conduct proactive threat hunting across networks and endpoints to identify stealthy threats that bypass automated detection systems.
  • Develop and tune SIEM correlation rules, alerts, and dashboards to improve detection accuracy and reduce false positives.
  • Perform scheduled and ad-hoc security assessments, evaluating log coverage and visibility, and ensuring remediation of identified gaps.
  • Provide technical recommendations to project teams regarding security monitoring and log requirements for new business functions.
  • Create and maintain detailed technical SOPs, playbooks, and incident response documentation for the SOC library.
  • Analyze malware samples and suspicious files to understand behavior and develop custom Indicators of Compromise (IOCs).
  • Communicate technical findings and remediation steps clearly to both technology teams and business leaders.
  • Ensure SOC activities remain aligned with organizational Information Security policies and regulatory standards.
  • Manage technical relationships with outsourced service providers and vendors to resolve complex security issues and platform outages.
  • Assist the Blue Team in hardening the environment by translating Red Team findings into actionable security improvements.
  • Report directly to the SOC Manager and organize workload effectively within established parameters.

Qualifications Required

  • Bachelor’s degree in computer systems, Cybersecurity, or a related field.
  • Minimum of 2 years’ experience in cybersecurity operations.
  • Professional certifications such as Certified SOC Analyst, CISA, CISSP, or CEH are an advantage.
  • Strong technical background in Unix/Linux, Microsoft Windows, and networking systems.
  • In-depth knowledge of corporate security threats including phishing, DDoS, and malware.
  • Excellent interpersonal, written, and oral communication skills.
  • Ability to thrive in deadline-driven environments managing multiple issues simultaneously.
  • Strong infrastructure and technology background with proven expertise in Unix/Linux, Microsoft Windows, and networking systems, as well as experience implementing and managing SIEM solutions.
  • Proficiency in the full incident response life cycle (NIST/SANS), with the ability to execute containment actions such as host isolation and account suspension, manage complex incidents end-to-end, and thrive in deadline-driven environments.
  • Skills in detection engineering, including the development and tuning of SIEM correlation rules to minimize false positives.
  • Competency in automation and some scripting to develop SOAR playbooks and streamline SOC workflows.
  • Technical knowledge of log architecture, including the configuration of Syslog-ng, Windows Event Forwarding (WEF), and API integrations.
  • Strong analytical skill in performing Root Cause Analysis (RCA) to translate complex technical findings into business-relevant insights.
  • Project management skills in contributing to and leading cybersecurity strategy initiatives and technical capability roadmaps.
  • Experience in implementing and managing SIEM solutions.
  • Effective stakeholder engagement, technical leadership, and mentorship, while maintaining operational excellence in security operations.
  • Managing the full lifecycle of complex security incidents, from initial escalation through to final remediation and reporting.
  • Unix/Linux
  • Microsoft Windows
  • Networking systems
  • Corporate security threats (phishing, DDoS, malware)
  • Incident response life cycle (NIST/SANS)
  • Detection engineering
  • SIEM correlation rules development and tuning
  • Automation and scripting
  • SOAR playbooks development
  • Log architecture (Syslog-ng, WEF, API integrations)
  • Root Cause Analysis (RCA)
  • Project management
  • SIEM solutions implementation and management
  • Stakeholder engagement
  • Technical leadership
  • Mentorship
Job ID: JOB-69f11566d1b40

Vacancy title:
Soc Analyst

[Type: FULL_TIME, Industry: Finance, Category: Computer & IT, Protective Services, Business Operations]

Jobs at:
CRDB

Deadline of this Job:
Monday, May 11 2026

Duty Station:
Tanzania Head Office | Dar es Salaam

Summary
Date Posted: Tuesday, April 28 2026, Base Salary: Not Disclosed



Work Hours: 8

Experience in Months: 24

Level of Education: bachelor degree

Job application procedure

Application Link: Click Here to Apply Now


Job Info
Job Category: Computer/ IT jobs in Tanzania
Job Type: Full-time
Deadline of this Job: Monday, May 11 2026
Duty Station: Tanzania Head Office | Dar es Salaam
Posted: 28-04-2026
No of Jobs: 1
Start Publishing: 28-04-2026

Caution: Never Pay Money in a Recruitment Process.

Some smart scams can trick you into paying for Psychometric Tests.