
Lead, Cyber Security Operations - UAE National

TAQA Group · Abu Dhabi, UAE · 4 days ago · Mid-Senior · Full-time
Via LinkedIn

About This Role

Job Summary:

The Lead, Cyber Security Operations is responsible for advanced threat detection and response within TAQA Group's cybersecurity operations, including IWPP and other non-operated assets as defined by the UAE regulatory authority. This role involves analysing security events, identifying vulnerabilities, and implementing countermeasures to protect TAQA's digital assets and critical infrastructure. The Lead, Cyber Security Operations, in collaboration with security teams across TAQA, enhances the overall security posture and plays a key role in threat hunting, incident response, and maintenance of security architecture. The position also addresses intrusion alerts and malicious activities, implementing critical remediation measures to strengthen TAQA's security and ensure continuous protection across both IT and OT domains.

General Responsibilities:

  • Policy, Procedures, Process, and Systems
    • Ensure the compliance of the organization's policy, systems, processes, procedures, and controls in line with Group delegation of authority policy so that all relevant procedural/legislative requirements are fulfilled while consistently delivering quality and cost-effective service.
  • Reporting
    • Ensure that all reports are completed in a timely manner and comply with HQ and business policies and standards.
    • Provide support in the preparation of periodical management reports and progress reports to keep the business senior management informed about the progress of various initiatives and to facilitate decision-making.
    • Comply with organization requirements in a timely manner.

Job Specific Responsibilities:

  • Support the implementation of comprehensive threat monitoring programs, processes, procedures, and tools for collecting, analysing, and disseminating alerts, as well as developing security information and event management (SIEM) use cases.
  • Monitor and respond to emerging cybersecurity threats affecting SOC environments, applications, and systems, including malware, phishing attacks, insider threats, and advanced persistent threats (APTs).
  • Utilize SOC tools and techniques to actively search for indicators of compromise (IOCs), suspicious activities, and emerging threats within the TAQA environment, ensuring a proactive security posture.
  • Analyse security event logs, network traffic, and other relevant data sources to identify patterns, trends, and anomalies indicative of potential threats or malicious activities, providing actionable insights for future prevention strategies.
  • Assess and test network and system integrity to detect unauthorized behaviours, escalating findings to the Security Incident Response team for prompt resolution.
  • Collaborate with internal and external stakeholders during investigations to determine whether a security incident has occurred, identify root causes, and provide recommendations for remediation.
  • Perform risk analysis, attack simulations, and both automated and manual ethical hacking at the application level, developing proof-of-concept exploits as needed.
  • Document and publish incident response reports for all incidents handled and closed, ensuring compliance with regulatory requirements.
  • Manage the lifecycle of security incidents, including case tracking, documentation, and maintaining detailed records of investigations.
  • Collaborate effectively with cross-functional teams, including security operations, incident response, network engineering, and IT support, to share insights, coordinate response efforts, and implement industry-leading security best practices.
  • Stay up to date on the latest cybersecurity threats, attack vectors, and industry trends through continuous research and threat intelligence feeds.
  • Validate incidents reported by Managed Security Service Providers (MSSP) and Managed Detection and Response (MDR) service providers, providing feedback as necessary.
  • Provide feedback on security incidents and response efforts to improve processes and tools used in the security operations center.
  • Perform confidential forensic investigations and employee investigations as directed by the Ethics and Compliance team, ensuring thoroughness and adherence to organizational standards.
  • Maintain a strong understanding of advanced threats and continuous vulnerability assessments used in cybersecurity operations.

These responsibilities are representative, and the role holder is also responsible for any other job assigned by the superior authorities from time to time.

Essential Requirements

  • Technology, or equivalent
  • 8+ years of experience in a cybersecurity operations center role
  • Splunk Power User Certification

Preferred Requirements

  • Master’s Degree in Engineering/Computer Science/Information Technology, or a certificate diploma or equivalent
  • 10+ years of experience in a cybersecurity operations center role
  • Certifications in CEH/CISSP/CSAP/SAN/GIAC/CySA and security tools are preferred
  • Splunk Architect Certification
