Security Operations Lead

Job description / Role

Information and Data are some of the most important organizational assets in today's businesses. As a Security Consultant, you will be a key advisor for IBM's clients, analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client's organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.

Your Role and Responsibilities
This role is based in Jubail and will be responsible for leading teams in security operations, incident response and Security Operations Center (SOC). Candidate must have extensive experience in various security control areas such as SIEM, Next Gen Firewalls, IDS, IPSEC, SSLVPN, APT, WAF, EDR, Next Generation EPP, NAC, Deception and Cloud based security technologies across various infrastructure platforms. Ideally, extensive experience in Windows infrastructures, as well as having a deep knowledge of networking security, vulnerability management and attack methods. Must have proven hands on experience in Blue team exercises with excellent communication and leadership skills. Candidate should be an active participant in multiple intelligence communities and be able to disseminate pertinent threat information throughout the Security Operations and to the technical and business stakeholders.

Key Responsibilities
- Lead and manage Security Operations function with a distributed team of at least 10 resources while being the focal points for the client/organization.
- Lead an insourced/outsources MSSP SOC in delivering a unified and seamless end to end service to the client/organization.
- Lead level 2 security analysts and EDR teams in threat management, triage and response.
- Lead the design and the implementation of SIEM use cases, reports and dashboards.
- Lead the integration of standard and non-standard logs in SIEM.
- Lead the Configuration & Management of UTMs/firewalls (Palo Alto experience preferred) and Endpoint security technologies (EPP,EDR), Network security technologies (NAC, SSL VPN, IPSEC), Deception technologies.
- Lead the configuration & Management of Cloud security technologies.
- Lead investigation, response and mitigation efforts when security incidents arise and perform.
- Creation of Management and Executive reports, dashboards, metrics for SOC and Security operations and presentation to Sr. Mgmt.
- Provide technical direction, mentorship and enablement to team members.
- Ensure compliance to SLA, process adherence and process improvisation to achieve operational objectives.
- Revise and develop processes to strengthen the current Security Operations and threat management Framework, Review policies and highlight the challenges in managing SLAs
- Co-ordination with stakeholders, build and maintain positive working relationships with them

Requirements

Required Technical and Professional Expertise
- Degree in Computer Science/Engineering degree or equivalent with 7+ years of dedicated experience in Cyber security with at least 3 years in a similar role leading security operations.
- Working knowledge of systems communications from OSI Layer 1 to 7 and experience in identifying and implementation security control at each of the layers. In-depth working knowledge of TCP/IP, protocols and packet analysis.
- 4+ years of experience in Infrastructure, Endpoint and Network security tools configuration and management preferably with Palo Alto and Sophos UTMs, Symantec Endpoint Security, Carbon Black Response / Palo Alto Cortex Microsoft Security & Office 365 Security and IBM QRadar SIEM.
- Knowledge of log formats and ability to aggregate and parse log data for syslog, http logs, DB logs for security investigation purposes
- Advanced knowledge of threat areas and common attack vectors (malware, phishing, APT, technology attack etc.)

Preferred Technical and Professional Expertise
- CISSP certified
- Any 2 of the following: Offensive Security Certified Professional (OSCP), GIAC Certified Intrusion Analyst (GCIA), GIAC Continuous Monitoring (GMON), GIAC Defending Advanced Threats (GDAT), GIAC Certified Detection Analyst (GCDA)
- CCNA Routing, Switching and Security Certified
- Certified Ethical Hacker
- Scripting or Automation knowledge is desirable

About the Company

For more than six decades, IBM Middle East & Pakistan has played a vital role in shaping the information technology landscape of the region. Today, IBM is part of the region's technological fabric, solving real-world business and societal challenges, through its offices in UAE, Saudi Arabia, Qatar, Kuwait and Pakistan, and also a diversity of centers across the region.

Within the region, IBM currently has groundbreaking initiatives in cloud computing, analytics, mobile, security, as well as nanotechnology, eGovernment, healthcare and many more, collaborating with leading educational institutes and governments. IBM supports hundreds of clients to drive transformation through technology, contributes to regional research & development programs and has an active Corporate Service Corps (CSC) program.

Reinvention is a keyword in the company's history and, today, IBM is much more than a "hardware, software, services" company. IBM is now emerging as a cognitive solutions and cloud platform company.