Job description

Job Description: • Strategic Threat Defense & Security Roadmap • Work closely with the Head of CSOC to define and refine CSOC strategy to address emerging cybersecurity threats. • Continuously evaluate and enhance detection and response frameworks, aligning with business risk and threat landscape evolution. • Lead SOC maturity initiatives, driving automation, advanced analytics, and intelligence-driven security operations. • Develop KPIs and CSOC performance metrics to measure effectiveness and resilience against modern cyber threats. • Act as a trusted advisor to executive leadership, Enterprise IT Security (EITS) teams, and business stakeholders on cyber risk and response strategies. • Advanced Incident Response & Threat Hunting • Serve as the highest-level escalation point for complex cybersecurity incidents, including nation-state APTs, ransomware, and insider threats. • Conduct proactive threat hunting using behavioral analytics, anomaly detection, and adversary tracking. • Perform deep forensic investigations into network intrusions, malware infections, and cloud-based threats. • Develop custom SIEM detection logic, EDR rules, and network security signatures to enhance threat visibility. • Correlate threat intelligence (TI), security logs, and endpoint telemetry to identify persistent threats and attack patterns. • Cyber Threat Intelligence & Emerging Threat Research • Stay up to date with the latest cybersecurity news, APT activities, vulnerabilities, and exploit trends. • Drive threat modeling exercises to anticipate and counter evolving adversary tactics, techniques, and procedures (TTPs). • Lead adversary tracking initiatives, mapping threats to MITRE Telecommunication&CK, Cyber Kill Chain, and TIBER-EU frameworks. • Collaborate with global threat intelligence teams to curate and integrate high-value threat intelligence into CSOC operations. • Evaluate new attack vectors, malware strains, and exploit techniques, ensuring defensive capabilities remain ahead of adversary innovation. • Security Engineering & SOC Enhancement • Partner with cybersecurity engineers, architects, and IT teams to improve enterprise security posture. • Lead security automation (SOAR) initiatives, developing playbooks and automated response workflows. • Recommend and implement advanced detection technologies, including UEBA, deception technologies, and AI-driven threat analytics. • Assist in red team/blue team exercises, purple teaming engagements, and cyber resilience stress tests. • Leadership, Mentorship & Expert Advisory • Act as a mentor and technical coach to CSOC analysts (L1-L3), fostering continuous skill development. • Design and conduct advanced training programs and tabletop exercises to prepare SOC teams for high-impact incidents. • Represent the CSOC in executive briefings, security conferences, and cybersecurity think tanks. • Assist in developing and enforcing cybersecurity policies, standards, and compliance frameworks. Minimum Qualifications: Education And Experience: • Bachelor's or Master's degree in Cybersecurity, Computer Science, or a related field. • 10+ years of hands-on cybersecurity experience, with deep expertise in SOC operations, incident response, and cyber threat intelligence. • Demonstrated experience leading complex investigations into APTs, cybercrime operations, and enterprise-wide security incidents. • Technical Skills & Expertise • Advanced Incident Response & Forensics: • Expert-level proficiency in digital forensics, memory analysis, network forensics, and endpoint telemetry analysis. • Ability to track adversary TTPs across enterprise environments using advanced threat intelligence correlation. • Security Tools & Technologies: • Hands-on experience with industry-leading SIEM, EDR, IDS/IPS, forensic tools, and threat intelligence platforms. • Proficiency in YARA rule development, Sigma rules, and custom detection engineering. • Cyber Threat Intelligence & Adversary Tracking: • Expert understanding of nation-state cyber threats, APT campaigns, and cybercriminal ecosystems. • Strong working knowledge of MITRE Telecommunication&CK, Diamond Model, Cyber Kill Chain, and TIBER-EU methodologies. • Ability to reverse engineer malware and extract indicators of compromise (IOCs) and tactics of adversaries. • Scripting & Security Automation: • Proficiency in Python, PowerShell, or Bash for security automation, log parsing, and threat hunting. • Experience building custom SOAR playbooks to automate incident response and threat containment. • Cloud & Network Security: • Strong understanding of cloud security monitoring (AWS, Azure, GCP) and zero-trust architecture principles. • Deep knowledge of network security protocols, firewall technologies, and modern identity-based threats. Preferred Qualifications: Advanced Certifications: • CISSP, GCIH, GCFA, GCFE, GNFA, OSCP, CCTHP, CTIA, or CISM. • Deep Cybersecurity Expertise in: • Cyber Threat Hunting & Intelligence-Driven Defense • Advanced Malware Analysis & Reverse Engineering • Security Automation & Orchestration (SOAR) • Network & Endpoint Forensics • Cloud Security & Identity Threat Detection • Leadership & Strategic Impact: • Experience defining SOC strategy, cyber defense roadmaps, and risk mitigation frameworks. • Ability to bridge technical findings with executive-level security strategy and risk management

Requirements