
Specialist II, Information Security

ARO Drilling

Al Khobar

On-site

SAR 200,000 - 300,000

Full time

Yesterday

Job summary

A leading drilling company is seeking a Cybersecurity Specialist to manage SOC operations, ensure effective threat handling, and lead penetration testing efforts. The ideal candidate will have 6-8 years of experience in information security, a bachelor's degree in a relevant field, and proficiency in tools like Microsoft Defender XDR and forensic suites. Key responsibilities include threat intelligence management, vulnerability management, and incident response preparedness, with a focus on compliance with industry standards.

Qualifications

  • 6-8 years of relevant working experience in Information Security (Specialist II level).
  • Deep proficiency in Microsoft Defender XDR, KQL, and YARA.
  • Hands-on experience with forensic suites (EnCase or similar).
  • Mastery of Pentesting tools.

Responsibilities

  • Manage SOC Service Provider, ensuring effective alert handling, KPI maintenance, and SLA compliance.
  • Administer and utilize threat intelligence platforms to analyze external threat data.
  • Plan and execute internal penetration testing to identify security weaknesses.
  • Conduct monthly threat hunting missions based on Pentest findings.
  • Act as the technical lead for forensic investigations using forensic tools.
  • Automate delivery of high-fidelity Indicators of Compromise into the security stack.

Skills

Offensive Mindset
Forensic Analysis
Vulnerability Prioritization
Crisis Leadership

Education

Bachelor’s degree in Cybersecurity, Information Security, Computer Science or a related IT domain

Tools

Microsoft Defender XDR
KQL
YARA
Nessus
Qualys
Kali Linux
Metasploit
Burp Suite
Nmap
Cobalt Strike

Job description

Duties and Responsibilities

  • SOC & Vendor Management: Manage the SOC Service Provider, ensuring effective alert handling, KPI maintenance, and SLA compliance. Act as the primary technical point of contact for service tuning and escalation.
  • Threat Intelligence Management: Administer and utilize or other well-known TIPs (e.g., Microsoft Defender Threat Intelligence (MDTI), Recorded Future) to aggregate, correlate, and analyze external threat data and actor infrastructure.
  • Penetration Testing & Offensive Security: Plan and execute internal Penetration Testing (Network, Web App, and Wireless) to identify security weaknesses. Conduct regular "Red Team" style simulations to validate the effectiveness of the SOC's detection capabilities.
  • Proactive Threat Defense: Conduct monthly threat hunting missions based on Pentest findings. Develop and deploy YARA rules to identify custom malware and "living-off-the-land" binaries across the environment.
  • Digital Forensics: Act as the technical lead for forensic investigations. Utilize forensic tools (e.g., EnCase, FTK) to perform disk and memory analysis, ensuring proper chain of custody and evidence preservation.
  • Operationalizing Intelligence: Automate the delivery of high-fidelity Indicators of Compromise (IOCs) into the security stack. Translate CTI and Pentest findings into custom KQL detection rules and YARA signatures.
  • Vulnerability Management: Manage the vulnerability management lifecycle using platforms such as Microsoft Defender Vulnerability Management, Nessus, and Qualys. Responsibilities include periodic scanning, risk-based prioritization, and rigorous documentation of remediation actions.
  • Incident Response & Readiness: Lead as the primary Incident Handler for breaches. Plan and perform regular IR dry runs (Tabletops and Technical Drills) to validate playbooks and restore security requirements effectively.
  • Compliance & Documentation: Document configuration procedures, operational processes, and incident reports in line with GRC guidance, ISO 27001, and NCA recommendations.
  • Infrastructure Oversight: Ensure security robustness for IT systems, including AD, DNS enhancement, and logical/physical access controls.

Qualifications & Experience

  • Education: Bachelor’s degree in Cybersecurity, Information Security, Computer Science or a related IT domain
  • Experience: 6–8 years of relevant working experience in Information Security (Specialist II level)
  • Technical Knowledge: Deep proficiency in Microsoft Defender XDR, KQL, and YARA
  • Expertise: Nessus and Qualys vulnerability platforms
  • Forensics: Hands-on experience with forensic suites (EnCase or similar)
  • Pentesting Tools: Mastery of Pentesting tools (e.g., Kali Linux, Metasploit, Burp Suite, Nmap, Cobalt Strike)
  • Compliance: Familiarity with ARAMCO security standards and NCA regulations
  • Certifications (required): CISSP, OSCP (Offensive Security Certified Professional), GPEN (GIAC Penetration Tester), or EnCE (EnCase Certified Examiner)

Skills

  • Offensive Mindset: Ability to think like an adversary to conduct effective Penetration Testing and bridge gaps between "red" and "blue" teams
  • Forensic Analysis: Ability to conduct deep-dive host and network forensics to reconstruct attacker timeline
  • Vulnerability Prioritization: Ability to look beyond CVSS scores to prioritize patching based on real-world exploitability and business impact
  • Crisis Leadership: Ability to manage multiple incidents and lead technical teams in a high-pressure environment
