Senior Software Engineer – SIEM/SOC


Esyasoft – Bangalore, Karnataka, India

ROLE
– Detect, analyse, and respond to security threats to ensure the confidentiality, integrity, and availability of organisational systems.
– SIEM Platform Administration
– Manage and integrate Microsoft Defender XDR, including Defender for Endpoint, Defender for Identity, and Defender for Cloud Apps.
– Onboard log sources including servers, applications, databases, network devices, and cloud platforms.
– Configure and fine-tune correlation rules, alerts, dashboards, and reports.
– Security Monitoring & Incident Detection
– Identify, analyse, and triage security incidents and potential threats.
– Escalate incidents as per defined incident response procedures.
– Incident Response & Investigation
– Support security incident response activities including containment, eradication, and recovery.
– Perform initial forensic analysis and collect evidence for investigations.
– Document incidents, root cause analysis, and lessons learned.
– Threat Intelligence & Use Case Development
– Integrate threat intelligence feeds into SIEM platforms.
– Develop, tune, and maintain SIEM use cases based on threat trends and risk assessments.
– Continuously improve detection capabilities to reduce false positives.
– Compliance & Reporting
– Generate security reports for management, audits, and compliance requirements.
– Ensure log retention and monitoring meet regulatory and organisational requirements.
– Tool Integration & Automation
– Integrate SIEM with SOAR, endpoint security, firewall, IDS/IPS, and cloud security tools.
– Support automation of incident response workflows where applicable.
– Collaboration & Continuous Improvement
– Work closely with IT, Network, Cloud, and Security teams.
– Participate in vulnerability management and security improvement initiatives.
– Stay updated on emerging threats, attack techniques, and security best practices.

REQUIREMENTS
– Qualification:
– Bachelor’s degree in Computer Science, Information Technology, Cyber Security, or a related field.
– Certification:
– Microsoft AZ-500.
– Microsoft Defender.
– IBM QRadar Certified Administrator.
– ArcSight ESM Certification.
– CompTIA Security+ or CySA+.
– Experience:
– Minimum of 2 years of experience.
– Job Specific Skills:
– Hands-on experience with SIEM platforms and SOC operations.
– Strong knowledge of security logs, events, and alert analysis.
– Understanding of networking, firewalls, IDS/IPS, and endpoint security.
– Knowledge of MITRE ATT&CK framework and incident response processes.
– Strong analytical, documentation, and communication skills.