Assistant Lead Engineer - SOC Operations (Cyber Ops & Technologies)'

The SOC operations function is responsible for planning and overseeing monitoring and maintenance of security operations, providing direction and leadership to internal resources. The Operations Engineer provides expertise on security technologies and innovative security concepts and works toward enhancing the resilience of security operations. They coordinate ongoing reviews of existing security programs, protocols, and planned upgrades. They establish escalation processes for security incidents and develop contingency plans and disaster recovery procedures, focusing on policy implementation and control.

• Conduct 24/7 continuous monitoring of security events and alerts using various security tools, such as SIEM and endpoint protection

• Perform initial triage of security alerts to determine their validity and severity, identifying false positives or true positives

• Conduct basic investigations of security events, including malware infections and unauthorized access attempts

• Escalate complex or highly suspicious alerts for further investigation and response

• Maintain details records of all activities, including investigations performed, findings and remediation steps taken

• Collects data, evidence, and context necessary for further escalation

• Analyze security logs, events and perform correlation and historical searches to determine the extent and impact of a security compromise

• Handling case management, generating tickets and reports when required, and tracking open tickets until closure

• Investigate and respond to security alerts escalated, performing root cause analysis, and providing remediation guidance

• Escalate critical cases to incident response team and to provide support where needed.

• Prepare scheduled and ad-hoc reports

• Quality assurance on cases handled and closed by junior SOC analyst

• Develop/strengthen playbook and process for case handling by the SOC team

• Assist in identifying opportunities for tuning to improve detection accuracy and reduce false positives

• Willing to work with 12 hours shift pattern that include weekend and public holiday

• At least 3 to 8 years' of experience working in SOC environment

• Strong knowledge and experience in SIEM tools, EDR, NDR

• Strong experience in SOC environment, monitoring security events and alerts on endpoint and network

• Must be willing to work with 12 hours shift pattern that include weekend and public holiday

• Strong Interpersonal and communication skills