Responsible for ensuring an accurate and rapid response to security events.
• Analyze security logs, SIEM alerts, and incident reports to identify and mitigate risks.
• Respond to and investigate security incidents, including breaches, malware outbreaks, and phishing attacks.
• Monitor networks and systems for security breaches, alerts, and anomalous activity.
• Conduct root-cause analysis to prevent future incidents and develop incident response procedures.
• Provide analysis and trending of security log data from various security devices.
• Configure and maintain SIEM tools to align with the organization's security objectives and threat landscape.
• Create custom SIEM dashboards and reports for different stakeholders to visualize critical security metrics and incident data.
• Develop and optimize SIEM content, including rules, alerts, and correlation logic, to improve threat detection and response.
• Regularly review and tune SIEM rules to reduce false positives, enhance event correlation, and maintain relevance to evolving threats.
• Document and update SIEM processes and configurations, ensuring a high level of data accuracy and availability.
• Perform regular vulnerability scans and assist in patch management processes; work with IT teams to prioritize and remediate identified vulnerabilities.
• Recommend solutions to mitigate risks in any activity that may potentially impact the security of existing IT and information management.
• Ensure compliance with industry regulations (e.g. GDPR, ISO 27001) and company policies.
• Assist in the development, implementation, and maintenance of security policies, standards, and guidelines.
• Assist in training staff on security best practices, including phishing awareness and data protection.
• Help develop educational materials and conduct periodic security awareness training.
Requirements:
• Bachelor's Degree or Advanced Diploma in Computer Science, Information Technology, or Cybersecurity from a recognized university, or a related field (or equivalent experience).
• At least 1-3 years in a cybersecurity role, with hands-on experience in SIEM content management, network security, threat monitoring, or incident response.
• Strong knowledge of cybersecurity principles, practices, and technologies.
• Expertise in SIEM tools and content management, including rule creation, alert tuning, and report customization.
• Proficiency with security tools like firewalls, IDPS, antivirus, and vulnerability scanners.
• Knowledge of scripting (Python, PowerShell) for automation within the SIEM environment is a plus.
• Ability to analyze and interpret security data to identify vulnerabilities and potential threats.
• Excellent communication skills, with the ability to explain complex security concepts to non-technical stakeholders.
• Strong analytical skills and attention to detail.
• Ability to work on-call or off-hours as needed to respond to security incidents.
• May require occasional travel for training or workshops.
• Experience in the application of threat modelling or other risk identification techniques.
• Detailed knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits.
• Breadth of knowledge in the information security space, with emphasis on TCP/IP network security, operating system security, common attack patterns, and exploitation techniques.
• Relevant certifications (e.g., CompTIA Security+, Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), GIAC Security Essentials (GSEC)) are a plus.
• Effective leadership skills; a team player.
• Strong sense of ownership and driv