Who we are:
We are a team of eight and our job is to protect Aramco Overseas Company from threats, so it can continue to provide uninterrupted services to Saudi Aramco, the mother company.
Our team is responsible for processes such as security monitoring, threat detection, incident response, threat intelligence, threat hunting, vulnerability management, and security solutions management and maintenance.
The role holder is responsible for daily cybersecurity incident detection, investigation, and response. Using the tools provided, the role holder deep dives into reported security threats and takes them all the way from identification to eradication.
The role requires that the holder works six (6) days on and three (3) off, including weekends and bank holidays, and rotating between morning shifts (07:00 – 15:30) and afternoon shifts (13:30 – 22:00).
We are looking for a candidate who:
Has 4+ years of experience working on security incident detection, investigation, and response.
Has a bachelor's degree or equivalent in Technology, Computer Science or a related field.
Has working experience with enterprise Security Information and Event Management (SIEM) tools and Log Management tools. Preferably, the candidate has basic knowledge and experience in Use Case Management.
Has working experience with Endpoint Detection and Response (EDR) tools.
Has fundamental knowledge of and experience in host and network forensics.
Has basic knowledge of security technologies, such as Firewalls, Secure Web and Email Gateways, Intrusion Detection and Prevention Systems (IDPS), Application Control, Sandboxing, etc.
Is knowledgeable on Microsoft Windows and Linux internals.
Preferably has working experience and/or knowledge in the following:
MITRE ATT&CK Framework and Cyber Kill Chain
Security Orchestration, Automation and Response (SOAR) solutions
Scripting language skills (Python, PowerShell)
Has a high degree of curiosity, especially with regard to incident investigation and response. The candidate is not quick to make assumptions, but rather looks deep and analyses extensively in order to find hidden connections.
Thinks and acts creatively and is not restricted to standard solutions.
Is a good team player who enjoys working and exchanging knowledge and information. In addition, the candidate must be willing and capable of working for extended hours alone, during afternoon shifts and weekends.
Has a critical mindset, speaks up, and challenges processes, ideas, etc., with the intention of improving the work and the team.
Constantly works on improving his/her knowledge of cyber security and other business fields.
Is proficient in the English language.
Please do get in touch and share your up-to-date CV. There is an urgent requirement to fill this role.