Cyber Security and Threat Monitoring Specialist - SOC; m​/f​/d

Role Purpose

The Cyber Security Operations (SOC) Specialist is responsible for monitoring the bank’s security environment, performing SIEM alert triage and investigation, and coordinating incident response activities aligned with NIST SP 800‑61. The role also involves producing threat intelligence reports for senior leadership, including the CISO and risk committees, to support informed decision‑making and strengthen the organization’s security posture.

• Monitor and analyze security alerts using SIEM platforms such as Splunk, Microsoft Sentinel, and IBM QRadar.
• Perform alert triage, validation, and prioritization based on severity and business impact.
• Investigate suspicious login activities, malware detections, network anomalies, and data exfiltration indicators.
• Correlate events from logs, endpoints and network devices to identify potential threats.

• Coordinate and support incident response activities in line with NIST SP 800‑61 guidelines.
• Perform initial containment, eradication, and recovery actions when applicable.
• Collaborate with internal teams (IT, Infrastructure, Risk) and external vendors during incident handling.
• Document incidents, response actions, and lessons learned.
• Ensure timely escalation of critical incidents to senior stakeholders.

• Generate threat intelligence reports and dashboards for the CISO and risk governance committees.
• Track and report threat trends, attack patterns and incident metrics such as MTTR and MTTA.
• Leverage threat intelligence feeds to enhance detection capabilities.
• Provide actionable recommendations to improve security posture.

• Fine‑tune SIEM rules and use cases to reduce false positives and improve detection accuracy.
• Participate in threat hunting activities to proactively identify hidden threats.
• Support development of playbooks and runbooks for incident response.
• Contribute to continuous improvement of SOC processes and controls.

• Ensure security monitoring activities align with internal security policies and banking regulatory requirements.
• Maintain accurate documentation of alerts, incidents and investigations.
• Support audits and compliance reporting.

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science or related field.

• 5‑8+ years of experience in a SOC or Cybersecurity Operations role.
• Hands‑on experience with SIEM tools such as Splunk, Sentinel and QRadar.
• Experience with incident response handling in enterprise environments.
• Experience in banking or financial services highly preferred.

• Strong understanding of security event analysis and log correlation.
• Knowledge of network protocols, endpoints and attack vectors.
• Familiarity with MITRE ATT&CK framework, threat intelligence platforms, and feeds.
• Knowledge of incident response frameworks (NIST, ISO 27035).

• Strong analytical and problem‑solving skills.
• Ability to prioritize and respond under pressure.
• Clear and concise communication skills for reporting to leadership.
• Attention to detail and investigative mindset.

• SIEM Monitoring & Analysis
• Incident Response Coordination
• Threat Intelligence & Reporting
• Cyber Threat Analysis
• Risk Awareness & Escalation
• Stakeholder Communication

• Certified SOC Analyst (CSA)
• GIAC (GCIH / GCIA)

• Hands‑on SOC experience with enterprise SIEM tools.
• Strong analytical mindset with investigative capabilities.
• Ability to clearly communicate technical findings to non‑technical stakeholders.
• Experience working in regulated environments such as banking or financial services.