• Lead and manage the implementation, operation and continuous improvement of Security Operations Centre (SOC) security surveillance and response capabilities, including people, processes and operational tools, to ensure timely and effective detection, triage and handling of cyber security events and incidents.
• Lead and manage continuous monitoring of the Bank’s critical infrastructure for potential cyber security threats,including alert analysis, event triage, threat scoping and escalation, to enable timely identification of attacks, intrusions, anomalous activities and misuse, while distinguishing malicious activity from benign events.
• Provide operational mentorship to SOC analysts by maintaining strong familiarisation with intrusion techniques, attack vectors, incident response concepts, security operations technologies, industry standards and best practices relevant to security monitoring and response.
• Lead, manage and ensure effective review, prioritisation and handling of alerts generated by multiple security detection platforms, coordinating with SIEM and detection engineering teams for rule enhancements and tuning to reduce false positives and improve alert quality.
• Lead, manage and monitor SOC administrative procedures and services delivered by outsourced service providers to ensure alignment with approved security policies, procedures, service level agreements and regulatory requirements, including addressing non‑compliance and operational deviations.
• Lead and manage SOC operational documentation including standard operating procedures, playbooks,escalation workflows and response guidelines, and continuously improve SOC processes and analyst approaches to security events highlighted by tools such as SIEM, endpoint protection, APT and other security monitoring platforms.
• Drive SOC operational requirements with SIEM and security engineering teams for onboarding of new use cases, detection enhancements and configuration changes, while ensuring smooth transition into SOC business‑as‑usual monitoring operations.
• Work with Digital Forensics and Incident Response (DFIR) teams for incident escalation, evidence preservation, forensic investigations and post‑incident activities, ensuring incidents are handled within agreed service levels and with minimal business impact.
• Ensure SOC operational tools and technologies are effectively utilised, supported and maintained to enable continuous surveillance, incident handling and reporting.
• Maintain effective collaboration with internal stakeholders, Cyber Threat Unit (CTU) teams and other technology functions to ensure intelligence‑led context, threat awareness and visibility are incorporated into SOC operations.
• Maintain strategic relationships and collaboration with industry peers and external cyber security experts to benchmark SOC operations and improve the organisation’s security monitoring, response and recovery capabilities.
• Perform any special Cyber Security Department or CTDM‑related tasks, including participation in cyber drills and operational readiness exercises, as instructed by the Unit Head, Deputy Director or Director of Cyber Security, as and when required.

QUALIFICATIONS

• Academic Qualifications: Bachelor’s or Master’s degree in cybersecurity, network engineering,
  networks and security or forensic computing. An advanced degree is highly desirable.
• Experience: At least 6+ years of hands-on experience in these fields with strong knowledge of cybersecurity surveillance, SIEM operationalization and maintenance. Knowledge of infrastructure and
  application security is required.
• Prevalent and Emerging Skills:
  • Cybersecurity Operations
  • Attack Lifecycle Methodology i.e Cyber Kill-Chain, MITRE ATT&CK, AI/ML/PQC etc