
Threat Management Principal Analyst

aramco digital

Dammam

On-site

SAR 120,000 - 180,000

Full time

11 days ago


Job summary

A leading company in Saudi Arabia is looking for a Cybersecurity Defense Specialist to protect digital assets from cyber threats. This role involves overseeing security infrastructure, managing SOC operations, and ensuring compliance with security policies, while using various cybersecurity tools and technologies to safeguard data integrity.

Qualifications

  • 5 years of experience in cybersecurity defense.
  • 2-3 years with firewalls and security technologies.
  • Certifications such as CISSP or CEH desirable.

Responsibilities

  • Monitor network traffic and system logs for suspicious activities.
  • Manage the deployment of security patches and updates.
  • Facilitate the investigation of security alerts and incidents.

Skills

Incident response
Threat detection
Vulnerability management
Network security
Security configuration management
Endpoint protection

Education

Bachelor’s or master’s degree in Computer Science, Information Technology, or Cybersecurity

Tools

IDS/IPS
SIEM systems
Vulnerability management tools

Job description

About the job

The Cybersecurity Defense Specialist is responsible for protecting digital assets, systems, and networks from cyber threats and attacks. The role will ensure configuration and management of security infrastructure components such as firewalls, IDS/IPS, and SIEM platforms in close collaboration with their cybersecurity operations team. The role also oversees the operations of the SOC and ensures that SOC services are in alignment with defined SLAs. The role monitors networks and systems for suspicious activities and intrusions, employing advanced cybersecurity tools and technologies and plays a critical part in safeguarding organizational assets and maintaining the confidentiality, integrity, and availability of data and resources.

Responsibilities:

  • Threat Monitoring and Detection: Continuously monitor network traffic, system logs, and security events using intrusion detection systems (IDS), security information and event management (SIEM) tools, and other security technologies to identify potential security incidents and anomalies.
  • Vulnerability Management: Identify, assess, and prioritize security vulnerabilities in systems, applications, and infrastructure using vulnerability scanning tools and penetration testing techniques. Develop and implement remediation plans to address identified vulnerabilities and reduce the organization's attack surface.
  • Security Patch Management: Coordinate the timely deployment of security patches, updates, and fixes for operating systems, software applications, and firmware to address known security vulnerabilities and protect against exploitation by threat actors.
  • Security Configuration Management: Review and enforce security configurations, policies, and access controls for servers, workstations, firewalls, routers, and other network devices to ensure compliance with industry standards and best practices.
  • Endpoint Protection: Oversee the implementation of endpoint security solutions such as antivirus software, endpoint detection and response (EDR) systems, and mobile device management (MDM) platforms to secure end-user devices and prevent malware infections and data breaches.
  • Network Security: Drive the configuration and management of firewalls, intrusion prevention systems (IPS), and virtual private networks (VPNs) by the IT cybersecurity operations team to safeguard network infrastructure, monitor traffic, and prevent unauthorized access, intrusion attempts, and data exfiltration.

Cybersecurity Incident Management - SOC

Execute the onboarding exercises for third-party provision of SOC services. Manage the third-party provision of a SOC for ADC, covering:

  • Monitoring & Detection: Track the monitoring of network traffic, system logs, security alerts, and other sources of security telemetry for signs of suspicious or malicious activity, using advanced SIEM and intrusion detection tools.
  • Incident Triage and Analysis: Facilitate the investigation of security alerts and incidents to determine their scope, severity, and potential impact on the organization's systems and data.
  • Threat Intelligence Analysis: Work with the third party to develop the process for analyzing threat intelligence feeds, indicators of compromise (IOCs), and security research reports to identify emerging threats, attack patterns, and malicious actors targeting the organization.
  • Security Incident Response: Track execution of incident response activities to contain, mitigate, and remediate security incidents in a timely manner.
  • Compliance Monitoring and Reporting: Ensure compliance with regulatory requirements, industry standards, and internal security policies within the SOC environment.

Minimum qualifications:

  • Bachelor’s or master’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
  • At least 5 years of experience in cybersecurity defense, incident response, threat detection, and network security roles, with at least 2-3 years of experience with security technologies such as firewalls, intrusion detection/prevention systems (IDS/IPS), security information and event management (SIEM) systems, endpoint security solutions, and vulnerability management tools. Certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or Certified Information Security Manager (CISM) are highly desirable.