Key responsibilities

• Follow response procedures and other CIC related SOPs based on the incident impact analysis and predetermined response actions procedures.
• Manage the communication of policies and guidelines and monitor the compliance of CIC operations to the cybersecurity policies and guidelines.
• Work closely with security analysts to get direct feedback about new, unknown suspicious behaviour.
• Handle escalated incidents from security analysts to conduct deep investigations.
• Gain knowledge of existing policies, standards, procedures, and guidelines to prevent the unauthorized use, release, modification, or destruction of ENOC information assets.
• Conduct malware analysis using run-time analysis, comparative analysis, and reverse engineering tools.
• Conduct digital forensics and deep investigations and evidence handling in line with best practices.
• Perform threat hunting, discovery, and exploration to identify threats that pass traditional detection tools.
• Perform proactive research to identify and characterize new emerging threats, vulnerabilities, and risks.
• Review and align priority, severity, and classification of security incidents.
• Develop metrics, reporting, and documentation on frequency, impact, and types of incidents.
• Collaborate on the investigation of incidents, containment, remediation, and root cause analysis.
• Collaborate and conduct research to design and implement new security technology, update existing strategies, improve processes, and create additional documentation.
• Develop techniques and processes to identify anomalous behavioral patterns.
• Collect contextual information and pursue technical root cause analysis and attack method analysis.
• Identify gaps, take ownership of tasks, and become a contributor to projects related to CIC as needed.
• Advocate security best practices, strategy, architecture, and assist in security design consultations.
• Apply strategic and tactical responses in challenging environments with heterogeneous systems.
• Provide functional support and content development and improvements for the SIEM and other security technologies used by CIC.
• Participate in development and implementation of new correlation rules and use-cases in SIEM and enhance the monitoring and detection capabilities of the CIC to integrate SIEM with other monitoring tools with appropriate scripting knowledge skills.
• Coordinate with internal and external stakeholders to handle cyber incidents as per approved SOPs and management directions.
• Participate in closing identified security audit points.
• Periodically report on IT security status, security systems efficiency, and recommended improvements to management.
• Be on-call 24 hours per day to respond to cybersecurity emergencies.