SOC TECHNOLOGY ENGINEER
Job Description
Manage, verify, validate and tune data collection for log continuity and act to solve any log continuity problem to ensure incidents are identified and alerted and maintain the integrity and availability of all the collected logs, along with monitoring log sources heart-beat.
Configure and manage performance & capacity monitoring and tuning of CIB SOC technologies to maintain operational readiness.
Gather technical data, review security policy and configuration to keep up-to-date and efficient the overall Security Operations Center (SOC) infrastructure to maintain the Service Level Agreement (SLA).
Manage user access including user and group permissions updates for all SOC infrastructure solutions to ensure confidentiality of the logs and collected data.
Generate System performance reports as required by SOC management teams in alignment with the SOC governance to be used for further analysis.
Maintain SOC tools and technologies hardening to mitigate any known vulnerabilities on the different platforms.
Administrate and Maintain File Integrity Monitoring solution to identify any unauthorised changes to files in different systems and platforms, along with deploying software agents over CIB infrastructure.
Administrate and maintain Database Monitoring solution, to identify unauthorised access/change to all databases under monitoring.
Administrate and maintain Firewall Monitoring solution, to identify unauthorized or weak firewall access policies to all integrated firewalls.
Integrate and maintain network traffic, security events and logs for Intrusion Detection Systems (IDS/IPS), Firewalls/Next-generation Firewalls, Email Security Gateways, File integrity monitoring, DB Monitoring, Proxy solutions, Windows Event Logs, AIX/Linux systems logs, Application Logs, Endpoint security solutions, Data Leakage prevention solutions to provide better data correlation and identify complex security incidents and threats in addition to implementing and integrating new security tools and systems in support of SOC needs.
Deploy and tune SIEM Use Cases and Rules, to reduce false positives on identified threats.
Maintain out-of-the-box and costumed SIEM connectors to ensure proper log collection, normalization, parsing, filtering, field-mapping and forwarding of event logs., and maintain developed scripts to automate SIEM log collection.
Manage SIEM online logs and archive solution for log retention and compliance, Integrate SOC log sources by deploying SIEM log collectors, develop scripts to automate SIEM log collection.
Policies, Processes and Procedures
Follow all relevant department policies, processes, standard operating procedures and instructions so that work is carried out in a controlled and consistent manner.
Day- to-day operations
Follow the day-to-day operations related to own jobs in the to ensure continuity of work.
Compliance
Comply with all relevant CBE regulations, banking laws, AML regulations and internal CIB policies and code of conduct in order to maintain CIB’s sound legal position and mitigate any potential risks.
Qualifications & Experience
Bachelor’s degree of Engineering, Computer Science or equivalent.
Minimum 0 – 2 years of experience in IT Security and related disciplines.
Security engineering experience in mid-sized to large organizations, with emphasis on security operations, incident management, intrusion detection, firewall deployment and security event analysis.
Experience in following security technologies:
Host and perimeter firewalls / Next-generation Firewalls
Host and network intrusion detection concepts
Logging and monitoring tools
Antivirus or end-point security (EPP)
Data loss prevention (DLP)
Privileged access management (PAM)
Endpoint Detection and Response (EDR)
Security Automation, Orchestration and Response (SOAR)
Identity and access management (IAM)
Database access monitoring (DAM)
Netflow/sflow
Vulnerability scanning
Network full packet capture
Recommended Certifications:
SIEM Vendor Related Certificates
GIAC Information Security Fundamentals
CCNP Security
Skills
Very good command of English and Arabic language
Good communication skills
Good Analytical skills
