Job Purpose
The primary function of this role is to monitor the ENOC environment on a 24*7 basis and conduct advanced analysis of events to identify any cyber security threats or attacks on ENOC IT/OT assets, in addition to performing advanced response assessment of cyber security incidents and escalating to the Cyber Intelligence Center Manager as per approved policies, processes and procedures.
Principal Accountabilities
Operational
- Follow response procedures and other CIC-related SOPs based on the incident impact analysis and predetermined response action procedures.
- Manage the communication of policies and guidelines and monitor the compliance of CIC operations with the cyber-security policies and guidelines.
- Work closely with security analysts to get direct feedback about new, unknown suspicious behaviour
- Handle incidents escalated from security analysts and conduct deep investigations.
- Gain knowledge of existing policies, standards, procedures, and guidelines to prevent the unauthorized use, release, modification, or destruction of ENOC information assets
- Conduct malware analysis using run-time analysis, comparative analysis, and reverse engineering tools
- Conduct digital forensics and deep investigations and evidence handling in line with best practices
- Perform threat hunting, discovery and exploration to identify threats that evade traditional detection tools.
- Perform proactive research to identify and characterize new emerging threats, vulnerabilities, and risks.
- Review and align priority, severity and classification of security incidents
- Develop metrics, reporting and documentation on frequency, impact, and types of incidents.
- Collaborate on the investigation of incidents, containment, remediation and root cause analysis
- Collaborate and conduct research to design and implement new security technology, update existing strategies, improve process and create additional documentation.
- Develop techniques and processes to identify anomalous behavioral patterns.
- Collect contextual information and pursue technical root cause analysis & attack method analysis
- Identify gaps, take ownership of tasks and become a contributor to projects related to CIC as needed.
- Advocate security best practices, strategy, architecture, and assist in security design consultations.
- Apply strategic and tactical responses in challenging environments with heterogeneous systems.
- Provide functional support and content development and improvements for the SIEM and other security technologies used by CIC.
- Participate in the development and implementation of new correlation rules and use-cases in the SIEM, and enhance the monitoring and detection capabilities of the CIC by integrating the SIEM with other monitoring tools, applying appropriate scripting skills.
- Coordinate with internal and external stakeholders to handle cyber incidents as per approved SOPs and management directions
- Participate in closing identified security audit points.
- Periodically report on IT security status, security systems efficiency, and recommended improvements to management.
- Should be on-call 24 hours per day to respond to cyber security emergencies.
Education
- Degree: Bachelor’s degree in Computer Science, Engineering or a Business field or equivalent; Diploma with additional relevant experience.
- Required professional certifications: professional certificate such as CISSP, GCTI, GCFA or GNFA
Experience
- 7+ years of Information security or technology experience.
- 4+ years of relevant experience in a similar capacity
- Working experience in multiple industries (e.g. Energy, Utilities, Retail, Government…) is preferable.
- Working experience in cyber security threats monitoring and handling
- Exposure to OT security operations center work will be a plus.