POSITION DESCRIPTION
The Specialist, IT Security (SOC) role is responsible for the front-line defense of the bank's digital infrastructure. Reporting to the Manager of IT Security SOC Operations, this individual oversees the health, configuration, and monitoring of enterprise security platforms. The primary focus is to proactively detect, investigate, and mitigate cyber threats through advanced log correlation, threat hunting, and incident response. This role requires technical expertise in tool administration and analytical skills to transform raw security data into actionable intelligence, ensuring a resilient security posture across all divisions.
DUTY & RESPONSIBILITY
- Manage and maintain core cybersecurity tools such as SIEM, EDR, email gateway, and PAM solutions.
- Monitor security alerts and investigate incidents, escalating when necessary.
- Continuously monitor security logs to identify and report potential security incidents or vulnerabilities, and work with the Security team manager to analyze security events and take appropriate action.
- Develop, document, and improve incident response playbooks, SOC procedures, and workflows.
- Conduct log correlation rule tuning and develop custom detection rules to improve alert quality and reduce false positives.
- Support threat hunting efforts using endpoint and log data to identify undetected threats.
- Collaborate with the IT Services Division to resolve security-related issues.
- Conduct root cause analysis of incidents and recommend long-term remediation.
- Generate and distribute SOC reports on current security status, incidents, and compliance to management and relevant stakeholders.
- Perform regular health checks and updates on security tools.
- Develop and maintain automation scripts (SOAR) to streamline repetitive SOC tasks.
- Interface with security tool vendors for troubleshooting high-level technical issues and evaluating new feature releases.
- Support deep-dive digital forensics on compromised endpoints to identify the extent of a breach and recover compromised data.
- Support red team/blue team exercises and vulnerability management.
- Prepare reports and metrics for incident trends and system performance.
- Handle other tasks assigned by the Head of Department.
QUALIFICATION
- Master's or bachelor's degree in cybersecurity, IT, computer science, or other related fields.
- Minimum of 3 years of experience in IT Security, with at least 2 years of hands-on experience in SOC operations, incident response, or digital forensics.
- Outstanding leadership, organizational, and time management skills.
- Basic understanding of security principles, networking protocols (TCP/IP, DNS, HTTP), and operating system internals (Windows/Linux).
- Proven experience in managing and tuning SIEM, EDR, and PAM solutions.
- Good communication and interpersonal skills.
- Ability to work both independently and collaboratively in a team environment.
- Basic analytical and problem-solving skills.
- Familiarity with industry standards and frameworks such as PCI-DSS, ISO 27001, NIST, or COBIT.
- Willing to learn, fast learner, flexible, self-motivated, and "can do" attitude.
- Relevant certifications such as CCNP, CompTIA Security+, CC, SSCP, CCSP, or equivalent are a plus.