Reports to: SOC Manager
Job Purpose:
This role is part of the Group IT Function and is primarily responsible for supporting Group IT Security with Security Operations Centre (SOC) activities.
This role will be accountable for daily SOC operations, mainly the handling of security events escalated from SOC L1, ticket follow-up, quality assurance, investigations, and improvement of dashboard monitoring and reporting. The individual must coordinate fully with the various teams on detected and escalated security events, ensuring proper follow-up until resolution.
Key Responsibilities:
SOC Detection and Response
- Assist with security monitoring, detection and analysis of security-related events, ensuring a proactive and appropriate defence.
- Support the investigation and remediation of existing threats identified through the central event monitoring tools.
General Requirements:
- Experience supervising a medium-sized security team.
- Hands-on experience implementing and operating cyber security solutions, especially SIEM and other security tools.
- Splunk certification (Core Certified Power User, Enterprise Security Administrator or Enterprise Admin) is highly preferred.
- Strong problem-solving skills and a fast learner.
- Liaison skills and teamwork; passion and commitment.
- Good interpersonal and communication skills.
- Good command of written and spoken English and Chinese (Mandarin and Cantonese).
Technical Requirements:
- Solid experience supporting Splunk operations and project implementations, including integration with other enterprise security tools such as SOAR, EDR, enterprise anti-virus, vulnerability management and other supporting tools.
- Basic experience with Splunk system maintenance and troubleshooting (Splunk components such as Heavy Forwarders and Deployment Servers).
- Basic event-handling experience in EDR (Microsoft Defender for Endpoint, MDE), NDR (Vectra AI) and the Microsoft Sentinel interface.
- Extensive experience in security incident handling.
- Broad knowledge of cyber security concepts, including vulnerabilities, web and application security, access controls and secure architectures.
- Experience with ITSM tools.