DP World

Officer - Cyber Security Operation

United Arab Emirates · Full-time · Associate

Support and assist the Cybersecurity Operations team in monitoring, detecting, analyzing, and responding to security incidents across enterprise systems and networks.


Lead end-to-end incident handling, spanning preparation and identification through containment, eradication, recovery, and lessons learned, while enhancing ATT&CK-mapped detections and response runbooks. Align activities to ISO 27001, NIST CSF, MITRE ATT&CK, and applicable regulations (e.g., Dubai ISR, Dubai Data Privacy Law) to reduce risk and strengthen resilience.


The individual will be responsible for SIEM administration and operations, log source onboarding and normalization, correlation rule/use-case development and tuning, dashboarding and reporting, data quality and health monitoring, and development of SOAR to improve detection fidelity and MTTR.


The individual in this position will be instrumental in safeguarding the security and stability of our organization’s IT environment. Moreover, after-hours support will be required to address any critical security issues that may arise.


Key Responsibilities:

  1. Own SIEM administration and operations: log source onboarding/normalization, data quality and health monitoring, capacity/retention management, dashboarding, and reporting.
  2. Engineer and continuously tune detection use cases and correlation rules mapped to MITRE ATT&CK; reduce false positives and improve signal-to-noise.
  3. Design, build, and maintain SOAR and SOAR playbooks for alert triage, containment, and recovery; automate repetitive tasks to lower MTTR.
  4. Lead end-to-end incident handling (preparation, identification, containment, eradication, recovery, lessons learned) and maintain response runbooks/evidence handling.
  5. Perform alert triage, impact assessment, and coordinated containment across endpoints, networks, cloud, email, and identity systems.
  6. Conduct threat hunting using SIEM queries, endpoint telemetry, EDR, and network artifacts; pivot from IOCs/TTPs to discover unknown threats.
  7. Coordinate forensic data collection, chain of custody, and root cause analysis; support post-incident remediation and resiliency improvements.
  8. Integrate and monitor critical log/telemetry sources (EDR, NDR/IDS, firewalls, proxies, identity/IDP, cloud providers, email security, DLP).
  9. Track and report operational metrics (MTTD, MTTR, containment time, detection efficacy) and drive continuous improvement.
  10. Ensure alignment with ISO 27001, NIST CSF, MITRE ATT&CK, and applicable regulations (e.g., Dubai ISR, Dubai Data Privacy Law).
  11. Maintain documentation: playbooks, runbooks, incident records, detection catalogs, and architecture/knowledge artifacts.
  12. Support tabletop exercises, purple team activities, and control validations to test readiness and refine playbooks.
  13. Partner with IT and business stakeholders; provide clear incident communications and executive updates during major events.
  14. Participate in an after-hours/on-call rotation to respond to critical security incidents.

Key Skills (ranked by relevance): SIEM, cloud, NIST, ISR, cybersecurity, firewalls
Posted: Nov 17, 2025
Type: Full-time
Level: Associate
Location: Dubai
Company: DP World

Industries

Transportation Logistics Supply Chain Storage

Categories

Information Technology
