Lead, Cyber Security Engineer -UAE National

About This Role

Job Summary:

To configure, manage, operate, and administer the Security Information and Event Management/Security Orchestration, Automation, and Response (SIEM/SOAR) management solution. This role serves as the point of contact for critical and complex issues, performs configuration and testing of products, and develops and documents work processes to enhance TAQA's security posture through the effective administration of platforms.

General Responsibilities:

• Policy, Procedures, Process and Systems
• Ensure the compliance of organization's policy, systems, processes, procedures, and controls in line with group delegation of authority policy so that all relevant procedural/ legislative requirements are fulfilled while consistently delivering quality and cost-effective service.
• Reporting
• Ensure that all reports are completed timely and comply with HQ and business policies and standards.
• Provide support in the preparation of periodical management reports and progress reports to keep the business senior management informed about the progress of various initiatives and to facilitate decision-making.
• Comply with organization requirements in a timely manner.

Job Specific Responsibilities:

• Lead the design and integration of Security Information and Event Management/ Security Orchestration, Automation and Response (SIEM/ SOAR) systems with existing security tools, systems, and platforms to ensure seamless operation and maximum efficiency.
• Customize and optimize SIEM/ SOAR solutions to improve threat detection, incident response, and overall security operations.
• Manage configuration of systems to detect, monitor and respond to threat incidents in the watchlists and create rules within the systems to meet compliance and audit requirements.
• Perform technical account management duties by assessing unique requirements, addressing their concerns, and ensuring the SIEM/ SOAR system meets their specific needs.
• Administer user accounts within the SIEM/SOAR system, including creating, deleting, and modifying accounts as required; oversee log source alterations, troubleshoot issues with log sources or systems, and promptly report any system defects that require attention.
• Conduct formal health checks and administrative password change, track performance of SIEM/ SOAR platforms to identify critical issues and perform formal architectural reviews to evaluate the system's design and make recommendations for enhancements or optimizations.
• Facilitate creation of custom rules or modify existing rules within the SIEM/ SOAR system to address specific security requirements and improve detection and response capabilities.
• Manage product enhancement and feature requests with vendors to improve the functionality and capabilities of the SIEM/ SOAR system and perform software upgrades, updates, and patches to ensure the system is up to date with the latest security features and fixes.
• Develop customized Watchlists based on client requirements, ensuring that the SIEM system effectively monitors and alerts on specific events and activities.
• Implement testing and configuration of new products and technologies and evaluate their compatibility, functionality, and effectiveness in enhancing security operations.
• Manage and continually develop the artificial intelligence platform and its connectivity to the SIEM/SOAR.
• Support the design and documentation of work processes by defining standard operating procedures, workflows, and guidelines with Security Operations Center (SOC) to ensure efficient and effective security operations.
• Develop, prepare, and customize custom reports to deliver tailored insights and in-depth analysis, ensuring the provision of valuable and actionable information.
• Ensure compliance with global laws and regulations pertaining to data transfer and data centralization, by implementing and maintaining robust security measures within the SIEM/ SOAR system.
• Formulate and implement automation initiatives to facilitate effective execution of operational changes and reduce downtime.
• Attend vendor-specific meetings and conferences to stay updated on the latest industry trends, technologies, and best practices to contribute to the continuous improvement of the SIEM/ SOAR systems.

These responsibilities are representative, and the role holder is also responsible for any other job assigned by the superior authorities from time to time.

Essential Requirements

• Bachelor’s degree in Information Technology, Information Security/Assurance, Engineering or equivalent
• 6 years of experience in security operations or similar role

Preferred Requirements

• Master’s degree Information Technology, Information Security/Assurance, Engineering or equivalent
• 6+ years of experience in security operations or similar role
• Certification in CISSP/CySA/CSAP/Networking Security/Security tools/SAN/GIAC/ GICSP