Job Description

Roles and Responsibilities:

  • Responsible for aligning security initiatives with enterprise programs and business objectives, ensuring that information assets and technologies are adequately protected.
  • Developing, maintaining, and overseeing SOC policies, procedures, and control techniques to address all applicable requirements from ISO and regulators.
  • Coordinate with various teams to ensure timely closure of all alerts and incidents.
  • Report to management on risk exposure related to information security controls and processes by assessing the implemented technical controls, and provide briefings to senior management on technology and information security matters.
  • Oversee the deployment, configuration, and management of Wazuh SIEM to ensure comprehensive visibility across the infrastructure.
  • Utilize automated and continuous monitoring to derive actionable intelligence, including advanced threat hunting to proactively identify potential security gaps or indicators of compromise (IoC).
  • Monitor progress on actions to remediate threats identified through SIEM alerts and hunting activities.
  • Maintain and fine-tune Wazuh rules, decoders, and agents to ensure high-fidelity alerting and minimize false positives.
  • Incident Management: Establish and implement incident management procedures for reporting and handling security incidents.
  • Incident Response: Oversee incident response planning as well as the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches as necessary.
  • Monitor all security tools (including SIEM, brand protection, and attack surface management) and ensure the required governance process is followed.
  • Identify risk, coordinate, and assist in remediating issues within the defined SLA.
  • Ensure all SOC activities align with information security policies, ISO standards, and regulatory requirements.
  • Monitor the health of all security tools to ensure governance processes are strictly followed.
  • Review security architecture from a technical perspective to ensure compliance with risk and regulatory frameworks.
  • Coordinate with security vendors to ensure the deployment and delivery of security patches and tool updates.
  • Generate regular reports for management on risk exposure, incident trends, and the overall effectiveness of the information security framework.
  • Assess the effectiveness of implemented technical controls and provide data-driven briefings to senior management on the current threat landscape.
  • Assist in documenting security incidents and remediation actions to satisfy audit recommendations and regulatory bodies.
