Browse
···
Log in / Register
Summary: Seasoned security professional responsible for continuous monitoring, threat detection, incident response, and security assurance across corporate networks, endpoints, cloud platforms, and applications. Highlights: 1. Lead containment, eradication, and recovery activities in incident response. 2. Execute proactive threat hunts leveraging telemetry and threat intelligence. 3. Develop and tune SIEM correlation rules, EDR policies, and SOAR playbooks. **QATAR VISION PROJECTS** The company provides design coordination, project planning, contract administration, and onsite construction management—focusing on timely delivery, cost control, and compliance with local regulations and Qatari standards. ***Overview*** Seasoned security professional responsible for continuous monitoring, threat detection, incident response, and security assurance across corporate networks, endpoints, cloud platforms, and applications. Works with IT, DevOps, and business stakeholders to reduce risk, improve detection fidelity, and ensure regulatory and audit readiness. **Key responsibilities** **Security monitoring \& alert management** \-Triage and validate alerts from SIEM, EDR, IDS/NGFW, CASB and cloud\-native security sources; prioritize incidents by business impact and escalate per defined SLAs. **Incident response \& investigations** \-Lead containment, eradication and recovery activities; perform root\-cause analysis, preserve forensic evidence, coordinate remediation with IT/DevOps, and produce actionable incident reports and executive summaries. **Threat hunting \& malware analysis** \-Execute proactive hunts leveraging telemetry and threat intelligence (IOCs/TTPs); perform basic static/dynamic malware analysis and escalate complex analysis to forensics teams. **Detection engineering \& tooling optimisation** \-Develop and tune SIEM correlation rules, EDR policies and SOAR playbooks to increase signal fidelity, reduce false positives and automate repetitive tasks. **Vulnerability coordination \& risk remediation** \-Ingest vulnerability scan results, assess exploitability, prioritise remediation with owners and track closure against SLAs. **Forensics \& log analysis** \-Collect and analyse host, network and cloud logs; conduct packet\-level investigations and maintain chain\-of\-custody for evidence when required. **Playbooks, documentation \& reporting** \-Maintain incident playbooks, runbooks, run regular tabletop exercises, and deliver KPIs and compliance reports (MTTD, MTTR, detection coverage) for management and auditors. **\-Collaboration \& capability building** \-Partner with engineering and operations to onboard services into monitoring, implement secure controls, and deliver staff training and awareness exercises. **Shift \& on\-call duties** \-Participate in SOC shift rotation and on\-call roster to provide 24/7 detection and response coverage as required. Qualifications * Experience: 3–5\+ years in security operations, incident response, or SOC roles. * Technical expertise: Hands\-on with SIEM (e.g., Splunk, QRadar, Elastic), EDR (CrowdStrike, Carbon Black, MS Defender), SOAR, IDS/NGFW, cloud security logging (AWS/Azure/GCP) and network forensics. * Skills: Proficient in log and packet analysis, threat hunting, basic malware analysis, scripting for automation (Python/Bash) and familiarity with MITRE ATT\&CK. * Certifications (preferred): GCIH, GCIA, GXPN, CISSP, CISM, or equivalent. * Attributes: Strong analytical reasoning, clear technical and executive communication, teamwork under pressure, and strict adherence to incident management processes. Job Type: Full\-time Pay: QAR25\.00 \- QAR35\.00 per hour Expected hours: 40 per week Work Location: In person
