Objective of job

To safeguard the organization's information assets by proactively managing security risks, effectively responding to incidents, and continuously improving the overall security posture.
-Protect the organization's information assets by maintaining confidentiality, integrity, and availability.
-Proactively identify, assess, and mitigate security risks and vulnerabilities.
-Lead and coordinate effective responses to security incidents, minimizing impact and ensuring timely recovery.
-Continuously improve the organization's security posture through proactive monitoring, analysis, and implementation of security best practices.
-Ensure compliance with relevant security standards, regulations, and policies.

Job designation

•Security Incident Management    
-Monitor and respond to security incidents in alignment with incident response protocols.
-Lead incident response efforts to ensure timely containment, eradication, and recovery from security threats.
-Conduct thorough investigations of security incidents, including log analysis, host-based and network forensic investigations, to determine the root cause and impact.
-Develop incident analysis and findings reports for management, including gap identification and recommendations for improvement.
-Coordinate investigation, containment, and other response activities with business stakeholders and groups.

•Vulnerability Management
-Conduct vulnerability assessments and manage remediation efforts.
-Continually identify, assess, report on, manage, and remediate vulnerabilities across endpoints, workloads, and systems.

•Security Operations    
-Fine-tune incident detection and alert-triggering rules to minimize false positives and improve detection accuracy.
-Analyze and improve security measures by assessing and updating policies, configurations, and procedures.
-Maintain situational awareness by tracking emerging threats, attack patterns, and tactics, techniques, and procedures
-Develop and maintain documentation, playbooks, and standard operating procedures.
-Perform onboarding of new team members and facilitate smooth integration.
-Help develop processes used for internal and external planning and collaboration.
-Provide technical and administrative support for day-to-day operations.

•Collaboration and Communication    
-Collaborate with IT and RD application teams to ensure security is integrated into all stages of the software development lifecycle.
-Provide security training and awareness programs for employees.
-Communicate security status, risks, and incidents to executive leadership and other key stakeholders.

Qualification

•Technical Skills and Knowledge:
-Strong understanding of security operations concepts, incident response methodologies, and vulnerability management principles.
Hands-on experience administering and configuring security tools such as SIEM, SOAR, firewalls, intrusion detection/prevention systems, and vulnerability scanners.
-Familiarity with scripting languages (e.g., Python, PowerShell) for task automation and tool customization.
-Knowledge of cloud platforms such as AWS, Azure, Ali Cloud or other cloud platform.
-Strong analytical and troubleshooting skills for rapid issue resolution under pressure.
-Excellent communication skills, both written and verbal, for technical and executive audiences.
-Adaptability and resilience in the face of evolving cyber threats.
•Proficiency in security frameworks and various compliance standards like ISO 27001, SOC, NIST, etc.
•Relevant certifications, CISA, CISSP, CISM
•> 5 years experience in security operations, incident response, threat detection and analysis, or similar roles
•Education: Bachelor's degree and above in Computer Science encompassing Information Security