Works within the Security Operations Center (SOC) to monitor and respond to security alerts, remediate detected issues, tune detection rules, and work with the Incident Management process to remove threats and vulnerabilities within the Bank.
SIEM Log Reviews & Reporting
- Provide analysis and trending of security log data from a large number of heterogeneous security devices.
- Analyze and respond to security events and offenses from SIEM.
- Investigate security events forwarded from other functions and clients for security risk assessment.
- Investigate, document, and report on information security issues and emerging trends.
- Coordinate escalations and collaborate with internal technology teams to ensure timely resolution of issues.
- Report common and repeated problems (trend analysis) to management and propose process and technical improvements.
- Define and review the SIEM reports on daily, weekly, and monthly basis.
SIEM Maintenance & Tuning
- Perform system maintenance activities and maintain current documentation.
- Regularly monitor the performance of the SIEM server.
- Define and review the SIEM dashboards.
- Establish and implement SIEM use cases.
- Define and tune the rules & offenses.
- Review the SIEM updates/patches and coordinate for installation as per policy.
- Troubleshoot agent software issues.
- Develop custom log parsers.
Log backups & management
- Create, verify and test all daily backups of SIEM logs stored in backup storage.
Assist in developing/enforcing IT security procedures
- Develop and enforce SOC procedures at KMBL and make updates as required.
- Ensure general IT security procedures are adhered to at the Bank.
- Report any violations of IT security procedures to line manager.
- Assist in DR/BCP activities.
- Review and report improvements in IT DR/BCP process.
Vendor coordination & threat intelligence monitoring
- Collaborate with IBM support on SIEM troubleshooting.
- Collaborate with local vendors on SIEM-related issues.
- Monitor and review cyber security threats/alerts to stay current with industry best practices and to issue advisories.
- Complete other tasks and one-off projects as and when assigned by Manager IT Security.
Knowledge, Skills, Abilities & Other attributes
- BS/MS in Computer Science or Computer Engineering from an HEC-recognized or overseas university.
- Certification in networking, datacenter, ISMS or SIEM technologies, or CEH, would be an added advantage.
- Proficient in security architectures of datacenter and networking technologies.
- Proficient in security methodologies, processes, and technical security solutions (Firewall, IDS/IPS, SIEM etc.)
- Proficient in MS Office suite.
- Well organized with good analytical and time management skills.
- Good report writing skills.
- Ability to multi-task, prioritize, and manage time effectively.
- Exhibits and upholds KMBL's values and social performance objectives.
Duration and Nature of Previous Experience
- Preferably 1-2 years' experience as an IT security, network or system administrator, or equivalent knowledge.