IT Security Specialist (For Pooling)

To protect organizational systems by monitoring, detecting, investigating, and responding to security threats while supporting compliance and continuous improvement of security operations.

This role is part of the IT Security team and is responsible for supporting day-to-day security operations, monitoring security tools, performing threat analysis, and assisting in the implementation of security controls and compliance requirements.

• Oversee daily monitoring of security dashboards, alerts, and security events
• Review and analyze security threats, risks, and indicators of compromise (IOCs)
• Coordinate with IT teams for investigation, containment, and resolution of security issues
• Perform log review and analysis to support security investigations and operational visibility
• Manage security incidents from identification to closure, ensuring proper documentation and tracking
• Ensure timely categorization, prioritization, and resolution of security tickets in the eService system
• Review eService security tickets daily to ensure SLA compliance and proper closure quality
• Ensure validation of incident resolution and completeness of supporting documentation before closure
• Support vulnerability scanning activities and track remediation with IT teams
• Follow up on vulnerability closure and ensure timely remediation based on risk severity
• Identify security gaps and support enforcement of security baselines and configurations
• Support compliance with ISO 27001, SOC 2, PCI-DSS, and CIS Controls requirements
• Assist in audit preparation through evidence collection and control validation
• Conduct weekly review of wireless networks to detect rogue or unauthorized access points
• Perform periodic review of endpoint security alerts and EDR findings for anomalies
• Conduct quarterly review of firewall, VPN, and proxy logs for suspicious activities
• Support monthly privileged access review and identification of inactive accounts
• Assist in monthly validation of system security configurations against baseline standards
• Monitor patch compliance and coordinate with system owners for delayed updates
• Participate in threat hunting activities using MITRE ATT&CK framework
• Support development, tuning, and maintenance of SIEM use cases, correlation rules, alerts, and detection logic to improve threat detection coverage and accuracy
• Support integration and operational use of threat intelligence feeds (e.g., IOC enrichment, threat feed correlation) to enhance detection and monitoring capabilities
• Support security platform operations including SIEM, EDR, email security, and vulnerability management tools to ensure continuous monitoring and availability
• Monitor and investigate security events across cloud environments (AWS, Azure, GCP) where applicable, in coordination with cloud or infrastructure teams
• Conduct root cause analysis (RCA) of recurring security incidents and support implementation of corrective and preventive actions to reduce recurrence
• Identify opportunities for automation and continuous improvement in security operations processes, including detection, response, and reporting workflows

Non-Negotiable:
• Security Monitoring & Incident Handling (Core SOC Operations)
• Vulnerability Management & Security Hardening Support
• Detection Engineering Support & Threat Intelligence (SIEM / EDR / MITRE/IDS)
• Supporting automation of incident escalation and RCA of recurring issues
• Acitvely guide and escalation contact for Level-1 SOC Analysts

Additional Skills
• Strong understanding of infrastructure security, SOC operations, and compliance frameworks
• Experience in cloud security across AWS, Azure, and GCP environments
• Knowledge of SIEM tools, including alert tuning, correlation, and detection rule creation
• Understanding of threat detection using IDS/IPS, SPAN/TAP feeds, and network monitoring
• Familiarity with firewalls, WAF, VPN, NAC, DNS security, and endpoint security tools
• Ability to perform log analysis, event correlation, and security incident investigation
• Knowledge of vulnerability assessment and remediation tracking processes
• Understanding of MITRE ATT&CK framework and threat hunting concepts
• Ability to review security configurations and ensure compliance with security baselines
• Experience supporting incident response, escalation, and coordination with IT teams
• Knowledge of PCI-DSS, SOC 2, ISO 27001, and CIS Controls compliance requirements
• Ability to support security monitoring, alert triage, and continuous improvement of SOC processes