L3 Security Specialist

Our Culture:

At Hulool Zaintech for Information Technology we are proud of our culture and how it drives everything we do. We are looking for individuals who share our values and want to be part of a unique and engaging culture that revolves around collaboration and innovation. If you are looking for a role where you can drive engagement and excellence across teams through commitment and collaboration, and are someone who is customer-centric and appreciates an organization with uncompromised integrity that focuses on employee engagement then read on to learn more about how you can become part of the Hulool Zaintech family.

Our Code of Conduct

At Hulool Zaintech for Information Technology we strictly adhere to our code of conduct, which is there to serve as a moral compass, offering a framework for responsible behaviours and enabling ethical choices that cultivate positive relationships and a better future. It also outlines policies, standards, and procedures for our global operations, promoting integrity and ethical excellence across the countries we engage with.

Every year, all employees are required to review, comprehend, confirm, and adhere to the code of conduct. Additionally, all newly hired employees are subject to the same as part of their onboarding process.

Duties and Responsibilities:

· Administration, management, configuration, testing, and integration tasks related to the SIEM system focusing primarily on content development to include reports, dashboards, real-time rules, filters, and channels.

· Develop and deploy new content (use-cases) on SIEM solution, in respect to business or emergency threat requirements with the assistance of the engineering team.

· Conduct multi-step breach and investigative analysis to trace the dynamic activities associated with advanced threats

· Perform investigation and escalation for complex or high severity security threats or incidents

· Serve as an escalation resource and mentor for other analysts

· Work with SIEM Engineering and other security partners developing and refining correlation rules

· Maintain expert knowledge of advanced persistent threats tools, techniques, and procedures (TTPs) as well as forensics and incident response practices.

· Threat hunting by identifying and hunting for emerging threat activities across all internal and external sources

· Coordinate evidence/data gathering and documentation and review Security Incident reports

· Assist in defining and driving strategic initiatives

· Create and develop SOC processes and procedures working with Level 2 and Level 1 Analysts

· Provide recommendations for improvements to security Policy, Procedures, and Architecture based on operational insights

· Define and assist in creation of operational and executive reports

· Analyze security events to verify incidents and their potential impact and risk to the clients.

· Prepare and share incident analysis form to initiate response to validated events by engaging the required teams or resources to address the security incidents.

· Provide support in the log integration activities and elimination of false positives.

· Provide support during incident containment, investigation, eradication, and recovery.

· Support with data required for generating SOC reports and metrics.

· Monitor for false positive events and coordinate with engineering team to rectify them.

· Analyze recurring incidents and performance of existing systems, processes, and people and ensure corrective actions are taken.

· Support with data required for generating SOC reports and metrics.

· Support in documenting new playbooks and updating existing ones

Requirements

•  5+ years' experience in SOC operations, monitoring and event analysis.
• Expertise in Security monitoring & analysis platforms, and related technologies.
• Excellent analytical and problem-solving skills
• Advanced knowledge and expertise of using SIEM\SOAR technologies for event investigation
• Strong understanding of incident handling/incident response techniques
• Extensive experience in Incident Response, Incident Handling and Security Operations