Purpose / Job Description
A Cybersecurity Operations Senior Analyst serves as the technical expert on cybersecurity analytics, cybersecurity tools, data protection, threat detection, response and recovery.
§ Analyze and monitor cybersecurity logs to identify and report any threats or potential risks (SOC monitoring)
§ Assist in designing a solid security architecture with cost-effective security tools to keep MEDGULF always safe and protected from new threats, zero-day attacks and other malware.
Accountabilities & Responsibilities
· Understand threat intelligence and help treat threats, vulnerabilities, and exploits in the MEDGULF IT landscape.
· Have wide knowledge of and exposure to infrastructure systems such as Active Directory, Windows servers, domain controllers, proxies, virtualization, etc.
· Conduct daily security health checks and reports to proactively capture and detect any security threats/malicious events.
· Professional handling of security incidents with timely response and recovery
· Maintain proficiency in security exploitation tools, attack techniques, procedures and trends.
· Maintain an up-to-date understanding of emerging trends in information security in general to identify and resolve cybersecurity challenges
· Develop and present timely and accurate security design and architectural review reports
· Perform cybersecurity analysis in accordance with a defined methodology in order to identify the strengths and weaknesses in the MEDGULF security posture.
· Responsible for RCA (root cause analysis) reports related to cybersecurity / information security incidents
· Support the detection, identification, and reporting of possible cyber-attacks and intrusions, ransomware, and zero-day attacks.
· Support the detection of security gaps/weaknesses in IT systems by conducting vulnerability assessments and penetration testing.
· Characterize and perform analysis of network traffic and system data to identify anomalous activity and potential threats to resources.
· Responsible for managing/implementing the Security Information and Event Management (SIEM) solution
· Prepare detailed network defense improvement recommendations to close/mitigate incidents
· Improve behavioral analysis and signature-less techniques to strengthen endpoint security protection
· Frequently perform authorization and access rights reviews to ensure that only authorized users have the appropriate access to the target systems/servers.
· Technical certification is preferred in Windows servers, proxies and firewalls, networking, and other forensics and security tools
· Have knowledge of digital forensics and investigation methodologies.
· Must have one of the specified information security / cybersecurity certifications (CISSP, CSSLP, CCFP, CSP, etc.)
* Strong hands-on cybersecurity / information security skills and experience.
* Must be able to maintain confidentiality when working with sensitive information.
* Good verbal and written language skills – English (and ideally Arabic).
* Strong analytical skills
* Systematic approach and rigorous attention to detail
* Good communication skills
* Good exposure to regulatory, testing, and best-practice frameworks relevant to cybersecurity / information security is required:
* SAMA Cyber-security Framework
* PCI DSS
* ISO 27001
* Positive attitude towards learning and development demonstrated by a record of continuing professional development
* Good team player