
JOB DESCRIPTION

1 Job Details
Job Title: SOC Engineer
Job Grade:
Reports to: SOC Manager
Department: Information Technology Services

2 Job Purpose
➢ The MEEZA Security Operations Centre (SOC) offers a leading-edge protective monitoring
service 24x7 to its customers. A key role within the SOC is keeping abreast of evolving cyber
threats and identifying new and sophisticated methods of detecting them across a customer's
IT estate.
➢ You will be responsible for investigating alerts and security events to identify security incidents
that need to be resolved, and for analysing network, application and system log events in order
to identify potentially abnormal system behaviour and raise it as an incident for investigation.
Each incident is then investigated to establish whether it is expected activity or a genuine
security threat; confirmed threats are escalated to the appropriate customer or technical
resources for remedial action.
➢ In addition, as an Engineer you will have the important role of working with industry partners
and external organisations to continually tune the MEEZA security services by implementing
advanced detection rules in the Security Information and Event Management (SIEM) and
Vulnerability Management (VM) solutions, and by optimising these tools for use in service
delivery.

3 Job Dimensions
Annual Operating Budget: N/A

Number of Staff Supervised: Direct Reports: 0; Total: 0

4 Key Result Areas


➢ Make sound technical and business decisions in a sometimes resource-restricted
environment
➢ Be approachable and uphold the values and characteristics of a MEEZA employee at all
times
➢ Maintain a good relationship with customers and internal functions while resolving their issues
quickly and professionally
➢ Generate observations and recommendations for operational optimisation
➢ Assist in developing and implementing processes for detecting, identifying and analysing
security-related events, in coordination with the client's security policy and risk management
➢ Identify vulnerabilities on corporate IT assets in order to mitigate the risk of their exploitation,
and respond to attacks against them in a professional and efficient manner

YOUR IT ADVANTAGE
PO Box 892 Doha - Qatar T +974 4004 0000 F +974 4004 0004 E info@meeza.net www.meeza.net

5 Operating Environment, Framework & Boundaries


➢ Work closely with both internal and external entities in achieving goals and objectives
➢ Work effectively in a multi-national, multi-cultural environment

6 Communications and Working Relationships


➢ Good interpersonal skills and able to work effectively at all levels with people from a wide
range of backgrounds and cultures
➢ The desire to foster and work in a spirit of partnership and a highly collaborative working style
➢ Stakeholder focused; highly effective at building relationships and influencing, both internally
and externally
➢ Relishes working within a complex and demanding environment – has the courage to take
decisions when required in this kind of environment
➢ Displays the highest levels of integrity and commitment

7 Problem Solving & Complexity


➢ Demonstrable experience of analysing and interpreting system, security and application logs in
order to understand and differentiate between security incidents and normal system
behaviour, and of developing use cases and correlation rules for detecting potential security
incidents
➢ Demonstrable understanding of forensically sound investigation handling and technique
➢ Demonstrable ability to identify new security vulnerabilities and malware proliferation trends,
and to provide a risk assessment of the company's exposure
➢ Demonstrable expertise in security audit, such as performing penetration testing on information
systems
➢ Demonstrable ability to identify indicators of compromise and attacker tactics, techniques and
procedures (TTPs), and to provide action plans to detect and contain them

8 Decision Making Authority & Responsibility


➢ The job holder is free to determine how to achieve clearly defined annual departmental
objectives, including through directing others. The role is covered by functional policies (as
distinct from procedures) and precedents, and is subject to executive management review and
direction

Ref.: SOC Engineer JD / Document ID No.: MZA-21-12207 / MEEZA Only / Version 5.00 12 July 2021

9 Knowledge, Skills & Experience
Minimum Requirements
➢ University degree in any field related to Information Technology
➢ Minimum 5 years' experience in the IT security field (e.g. incident response, incident
investigation, incident remediation)
➢ Minimum 3 years' experience in managing and administering a SIEM tool (e.g. ArcSight,
LogLogic, enVision, Q1 Labs, McAfee ESM, etc.) and minimum 2 years' experience in
managing and administering a Vulnerability Management tool (e.g. Tripwire IP360, Qualys,
Nessus, etc.)
➢ Minimum 3 years' experience in developing use cases and creating correlation rules
➢ Minimum 3 years' hands-on experience in security incident investigations (e.g. system and
network compromise/breach, exploitation of vulnerabilities, etc.)
➢ Minimum 5 years' experience in administering or managing security solutions such as
endpoint security, web and email filtering, APT detection, etc.
➢ A solid understanding of information security concepts relating to the confidentiality, integrity
and availability of information
➢ A solid background in various IT systems such as Windows, Linux, network and security
devices, especially the logs they generate that are relevant to security monitoring
➢ Sound knowledge of IT security best practice, common attack types and detection and
prevention methods
➢ An excellent communicator at all levels, with strong written and verbal communication skills
➢ Hands-on experience in creating custom detection signatures in a SIEM solution
➢ A strong background in SIEM and VM technology architecture and deployment
➢ An active interest in cyber security, incident detection, and network and systems security

Desirable Skills
➢ Exposure to IT service management best practices such as ITIL
➢ Experience in delivering MSSP services
➢ Attention to detail and great organisational skills
➢ Programming or scripting knowledge e.g. Java, VBScript, PowerShell, Excel manipulation
➢ Strong desire for process and task automation
➢ Experience in conducting penetration testing activities
➢ Experience in performing forensic investigations (e.g. Memory Forensics, Computer Forensics,
etc.)

Certifications
➢ Certified Ethical Hacker (CEH) / Licensed Penetration Tester (LPT) / Computer Hacking Forensic Investigator (CHFI)
➢ SANS-related qualifications e.g. GCIH, GCIA and GCFA

10 Role Competencies

Competency | Definition | Required Level
Service Excellence | Commitment to providing excellent service to customers, both internal and external | 3
Empowerment | Ability to achieve objectives/goals or to lead teams to achieve their goals | 3
Understanding the Market | Seeking out and sharing knowledge of the relevant market or industry | 2
Commitment & Drive | Determination to deliver results and/or motivate others to do the same | 3
Being Commercial | Influence on company profitability through capitalising on opportunities and sound commercial judgement | 2
Making Decisions | Making the right choices in challenging situations, including the communication of rationale to others | 3
Developing Self & Others | Improving skill set or knowledge for yourself, other people in your team and the wider organisation | 2
Working with Change | Positive reaction to organisational changes and/or the ability to plan and execute changes effectively | 2
Communication & Impact | Ability to communicate professionally in both written and oral form to achieve the desired results | 2
One Team | Embracing or creating a team culture to enable the organisation to move forward in the same direction | 3
Productive Relationships | Ability to form and foster relationships with key stakeholders, both internal and external, to achieve progress | 2
Strategic Alignment | Alignment with/awareness of the overall company strategy, or positive influence on our strategic direction | 2

11 Approvals
Statements in this Job Description are intended to reflect, in general, the duties and responsibilities of
the position, but are not to be interpreted as totally inclusive.
Line Manager/Chief of Department: Signature: Date:

Name:

Employee: Signature: Date:

Name:
