1. SOC Operations – Incident Response Lead
Lead and oversee 24x7 SOC operations ensuring effective monitoring and timely response to security events. Own the end-to-end incident response lifecycle including detection, containment, eradication, recovery, and post‑incident review. Act as the primary escalation point for high severity P1 and P2 cybersecurity incidents. Ensure incidents are handled within defined SLAs, playbooks, and escalation frameworks.
2. Threat Detection, Monitoring & Response
Ensure optimal configuration, tuning, and operational effectiveness of security tools including SIEM, SOAR, EDR/XDR, NDR, and UEBA. Oversee development and enhancement of use cases, detection rules, and alert correlation logic. Lead proactive threat hunting and continuous monitoring activities aligned with the emerging threat landscape. Ensure SOC practices align with MITRE ATT&CK, threat intelligence feeds, and industry best practices.
3. Governance, Risk & Regulatory Compliance
Ensure SOC operations comply with CBUAE Cyber Risk Management regulations, ADCB Information Security policies, and applicable international frameworks such as NIST and ISO 27001. Support internal audits, regulatory examinations, and compliance reviews. Maintain up‑to‑date SOC documentation including SOPs, runbooks, incident reports, and dashboards.
4. People Management & Capability Development
Lead, coach, and develop SOC analysts and incident responders (L1, L2, L3). Define shift rosters, skill matrices, training plans, and performance objectives. Drive continuous capability uplift through training simulations, tabletop exercises, and lessons learned. Promote a security culture and operational discipline within the SOC team.
5. Vendor & Third‑Party Management
Manage SOC vendors, MSSPs, and technology partners. Monitor vendor performance against contractual SLAs and KPIs. Coordinate vendor involvement during incidents, investigations, and forensic activities. Support vendor reviews, renewals, and service improvement initiatives.
6. Reporting & Stakeholder Engagement
Provide regular SOC operational and risk reports to senior management covering incident trends, metrics, SLA compliance, and a threat landscape overview. Brief senior stakeholders during major incidents and crisis situations. Collaborate closely with IT Infrastructure, Cloud, GRC, and Business teams. Key performance indicators include Mean Time to Detect (MTTD), Mean Time to Respond (MTTR), incident SLA compliance, reduction in repeat high‑severity incidents, and audit and regulatory compliance outcomes.
Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related discipline. Minimum 10 years of experience in cybersecurity, with at least 5 years in SOC/Incident Response leadership. Strong experience operating SOC functions within banking or regulated environments.
Preferred certifications: CISSP, CISM, GIAC certifications (GCED, GCIA and related), Cloud security certifications (AWS/Azure Security).
Technical & professional skills: strong knowledge of SIEM, SOAR, EDR/XDR, and threat intelligence platforms; deep understanding of cyber threats, malware, ransomware, and APTs; hands‑on experience with incident handling, digital forensics, and log analysis; strong analytical, decision‑making, and crisis management skills.
Behavioral competencies: leadership and accountability; ability to operate under pressure; clear communication with senior stakeholders; risk‑based decision making; strong collaboration and stakeholder management.