Security Operations

• Write detection signatures, tune security monitoring systems/ tools, develop automation scripts and correlation rules.
• Identifying and managing a wide range of intelligence sources to provide a holistic view of the threat landscape. (OSINT aggregation)
• Manage the Security Operations & Threat Intel Program at Noon
• Build a centralized SOC for Web and Cloud services for Noon Group.
• Participate as a member of the CSIRT during major incidents and lend contributions to post-Incident review and continuous improvement
• Drive improvements in detection, response capabilities, and operations for the SOC/TI
• Create and enhance SOC/TI, incident handling and response policies, processes and procedures.
• Exhibit knowledge of attacker lifecycle, TTPs, indicators of compromise (IOCs), and proactively implementing countermeasures to neutralize the threats.
• Identifies opportunities to enhance the development and implementation of new methods for detecting attacks and malicious activities.
• Work continuously with the security team to advance the Security Detection & Prevention Program, take initiatives with proactive approaches to strengthen our security monitoring and detection capabilities for our web apps and cloud services.
• Proactive threat hunting of anomalies to identify IOCs and derive custom detection alerts for the IOCs
• Act as the focal point for security operations, incident detection and response, threat intel, and contribute to security detection programs
• Provide cyber risk and threat identification by proactively and continuously monitoring the internal/external landscape for relevant events, risks and threats related to malicious code, vulnerabilities and attacks.