Key Accountabilities & Responsibilities
- SOC Operations & Incident Response
  - Lead and oversee 24x7 SOC operations, ensuring effective monitoring and timely response to security events.
  - Own the end‑to‑end incident response lifecycle, including detection, containment, eradication, recovery, and post‑incident review.
  - Act as the primary escalation point for high‑severity (P1/P2) cybersecurity incidents.
  - Ensure incidents are handled within defined SLAs, playbooks, and escalation frameworks.
- Threat Detection, Monitoring & Response
  - Ensure optimal configuration, tuning, and operational effectiveness of security tools including SIEM, SOAR, EDR/XDR, NDR, and UEBA.
  - Oversee development and enhancement of use cases, detection rules, and alert correlation logic.
  - Lead proactive threat hunting and continuous monitoring activities aligned with emerging threat landscapes.
  - Ensure SOC practices align with MITRE ATT&CK, threat intelligence feeds, and industry best practices.
- Governance, Risk & Regulatory Compliance
  - Ensure SOC operations comply with:
    - CBUAE Cyber Risk Management regulations
    - Bank Information Security policies and standards
    - Applicable international frameworks (e.g., NIST, ISO 27001)
  - Support internal audits, regulatory examinations, and compliance reviews.
  - Maintain up‑to‑date SOC documentation including SOPs, runbooks, incident reports, and dashboards.
- People Management & Capability Development
  - Lead, coach, and develop SOC analysts and incident responders (L1/L2/L3).
  - Define shift rosters, skill matrices, training plans, and performance objectives.
  - Drive continuous capability uplift through training, simulations, table‑top exercises, and lessons learned.
  - Promote a strong security culture and operational discipline within the SOC team.
- Vendor & Third‑Party Management
  - Manage SOC vendors, MSSPs, and technology partners.
  - Monitor vendor performance against contractual SLAs and KPIs.
  - Coordinate vendor involvement during incidents, investigations, and forensic activities.
  - Support vendor reviews, renewals, and service improvement initiatives.
- Reporting & Stakeholder Engagement
  - Provide regular SOC operational and risk reports to senior management covering:
    - Incident trends and metrics
    - SLA compliance
    - Threat landscape overview
  - Brief senior stakeholders during major incidents and crisis situations.
  - Collaborate closely with IT Infrastructure, Cloud, GRC, and Business teams.
Key Performance Indicators (KPIs)
- Mean Time to Detect (MTTD)
- Mean Time to Respond (MTTR)
- Incident SLA compliance
- Reduction in repeat / high‑severity incidents
- Audit and regulatory compliance outcomes
Qualifications & Experience
Education
- Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related discipline.
Experience
- Minimum 10 years of experience in cybersecurity, with at least 5 years in SOC / Incident Response leadership.
- Strong experience operating SOC functions within banking or regulated environments.
Certifications (Preferred)
- CISSP / CISM
- GIAC (GCIH, GCED, GCIA)
- Cloud security certifications (AWS / Azure Security)
Technical & Professional Skills
- Strong knowledge of SIEM, SOAR, EDR/XDR, and threat intelligence platforms.
- Deep understanding of cyber threats, malware, ransomware, and APTs.
- Hands‑on experience with incident handling, digital forensics, and log analysis.
- Strong analytical, decision‑making, and crisis management skills.
Behavioral Competencies
- Leadership and accountability
- Ability to operate under pressure
- Clear communication with senior stakeholders
- Risk‑based decision‑making
- Strong collaboration and stakeholder management
Skills: SIEM, cyber security, EDR, SOAR, SOC