
SECURITY OPERATIONS CENTER (SOC) ENGINEER

KMC Work Location: CYBER SIGMA

Location: Taguig City, Metro Manila

Date Posted: 2023-09-06

Hiring Organization: KMC Solutions | XTN-C3E9868

Career Category: Functional/Business Technology

Job Specification: Security Operations Center (SOC) Engineer

Position: Security Operations Center (SOC) Engineer
Location: [Location]
Type: Full-Time

Job Summary: We are seeking a highly motivated and skilled Security Operations Center (SOC) Engineer to join our dynamic IT security team. The SOC Engineer will play a critical role in managing security events, analysing Sentinel logs, and assisting in the implementation of best practices aligned with NIST guidelines and governance requirements. The ideal candidate should possess a strong technical background in cybersecurity, hands-on experience with security tools, and a proactive approach to identifying and mitigating security risks.

Responsibilities:

  1. Security Event Management:

     • Monitor security events and alerts from various sources, including intrusion detection/prevention systems, firewalls, and security information and event management (SIEM) tools.

     • Analyse and investigate security incidents to determine the scope, impact, and potential remediation steps.

     • Respond to security incidents in a timely and effective manner, collaborating with cross-functional teams to mitigate threats.

  2. Sentinel Log Analysis:

     • Review and analyse Sentinel logs to identify patterns, anomalies, and potential security breaches.

     • Develop and maintain log analysis procedures and processes to enhance incident detection and response capabilities.

  3. FortiGate Firewall Management:

     • Administer and update FortiGate firewalls to ensure proper configuration, rule management, and firmware updates.

     • Collaborate with the network team to define and implement firewall policies that align with security standards and business requirements.

  4. Best Practice Implementation:

     • Assist in defining and implementing best practices for cybersecurity in alignment with NIST guidelines.

     • Provide guidance and recommendations to the IT team on security controls, policies, and procedures to enhance the overall security posture.

  5. Governance and Compliance:

     • Contribute to the implementation and maintenance of governance controls related to IT security.

     • Ensure compliance with industry standards and regulatory requirements, participating in audits and assessments as needed.

  6. Incident Response:

     • Participate in incident response exercises and tabletop simulations to enhance incident handling capabilities.

     • Collaborate with the incident response team to develop and refine incident response plans.

  7. Documentation and Reporting:

     • Maintain accurate and comprehensive documentation of security events, incident responses, and actions taken.

     • Generate regular and ad-hoc security reports for management and relevant stakeholders.

Requirements:

  • Bachelor's degree in Computer Science, Information Security, or related field.
  • Proficiency in using SIEM tools, log analysis platforms, and firewall management consoles.
  • Solid understanding of cybersecurity principles, best practices, and frameworks such as NIST.
  • Strong analytical and problem-solving skills, with the ability to identify and respond to security incidents effectively.
  • Excellent communication skills, both written and verbal, with the ability to communicate technical concepts to non-technical stakeholders.
  • Proven ability to work collaboratively in cross-functional teams and adapt to a fast-paced and evolving security landscape.

Desirables:

  • FortiGate experience.
  • Experience in a hybrid Azure AD/Intune and local AD environment.
  • Experience scripting in PowerShell and/or Python.
  • Experience writing queries in KQL.
  • Innovative mindset, the drive to change and improve the IT/security environment.
  • Relevant certifications such as CompTIA Security+, CISSP, CISM, or equivalent.

Benefits:

  • Competitive salary and benefits package
  • Opportunities for professional growth and development
  • Collaborative and innovative work environment
  • Access to cutting-edge cybersecurity technologies and tools

If you are a dedicated SOC Engineer with a passion for security and a commitment to safeguarding our organisation's digital assets, we encourage you to apply.