About Role
You would be part of the 24/7 Cyber Security Operations Center (SOC) team in an operational role to detect, prevent, and respond to cyber-attacks. This is a hands-on technical cyber security role requiring expertise in Security Operations Center and incident response work, and in the areas of endpoint security, application security, network security or cloud security.
Role and Responsibilities
- Be part of the 24/7 team for cyber security alert monitoring and incident response, and be responsible for tracking and closing all alert tickets raised in the IT Service Management tool.
- Implement the technical controls and configurations on cyber security solutions and appliances in line with the Security Incident Response procedures laid down by the Cyber Security Manager.
- Must be able to participate in rotating shifts and to work collaboratively. The ability to work outside of normal working hours as required by critical incidents or emergency calls will be essential to success in this role.
- Assist the Cyber Security Manager in the analysis of security breaches to identify the root cause and to implement preventive measures.
- Support the Cyber Security Manager in reviewing and updating the company's cyber security incident response plan, procedures, playbooks and tactical response guides.
- Perform log event analysis by correlating data from various log sources for threat detection.
- Support Incident Response activities by collecting evidence and monitoring mitigation steps.
Qualifications
Knowledge, Skills & Experience
- Bachelor's degree holder with a minimum of 4 years of relevant experience, including a minimum of 1+ years of experience with Azure Sentinel and MS Defender.
- Proficient with Azure Sentinel and MS Defender, focusing primarily on SIEM (security information and event management) for monitoring and XDR (Extended Detection and Response) for incident response actions.
- Possess knowledge of Security Operations Center (SOC) operations.
- Possess knowledge of log management and of the logs generated by the various applications and appliances in the IT infrastructure, for SIEM event correlation.
- Ability to define SIEM use cases based on the IT environment for better detection of anomalies.
- Working knowledge of SIEM tools on-premises (Splunk) and in the cloud (MS Azure Sentinel).
- Experience as part of a Cyber Security Team that monitors a large, geographically dispersed technology environment.
- Preferable if the candidate possesses any of the MS certifications AZ-900 and SC-200 / AZ-500.
How to apply
Application Guidelines
Employees must submit applications through the internal vacancies portal (via GEMS) only.
Please see below for all eligibility criteria and requirements for internal applications, and please note that any application not meeting the criteria will not be processed.
- All internal candidates can have only three active applications at any point in time.
- All internal candidates must have completed a minimum of 10 months in their current role in order to apply for a new role.
- All internal candidates with an active final warning letter will be automatically disqualified from the recruitment process.
- If you are a Cabin Crew or Deck Crew (Qatar Airways & Qatar Executive) candidate, you will require an NOC to apply for this role.