Deputy Manager Cyber Security

Our employees are our company's greatest asset - they are our real competitive advantage. We possesse immense power of innovation, immagination and a desire to attract and retain the best; provide them with encouragement, stimulus, and make them feel that they are an integral part of the company's mission.

This role shall be responsible to monitor and assist Manager Cybersecurity (Security Operation & Monitoring) in managing the L1 SOC team directly when responding to business-critical security incidents. This role will coordinate with L1 SOC team for day-to-day activities, events and incidents (HOTO, process flows, ticket managements, playbooks w.r.t use cases and tools, rotation plans).

Furthermore, this role shall also undertake routine matters and tasks pertaining to SIEM, Network Security Solutions, EDR/MDR, End-point security, FireEye and Threat Intel Tools. Daily SOC KPIs and their monitoring shall also be routinely performed by this role by agreeing specific performance objectives and goals with the SOC team.

Security Monitoring

Provide support in managing incident identification, assessment, quantification, reporting, communication, mitigation, and monitoring.

Creation of reports, dashboards, metrics for SOC operations and presentation to Manger Cybersecurity (Security Ops & Mon).

Safeguard information system assets by identifying and solving potential and actual security problems.

Configure correlation rules in SIEM and identify indicators of threat activity.

Support the investigation of cyber breaches/ incidents.

Understand and utilize cyber threat intelligence sources.

Communicate cyber events to internal and external stakeholders.

Work with KE ITG cross functional teams to support investigating cyber security incidents and provide reviews and recommendations.

Develop new capabilities to enhance the analysis capabilities of the team.

Managing security event monitoring, management, and response.

Configure integration of standard and non-standard logs in SIEM.

Develop company-wide best practices for IT and OT Security.

Security Operations

Assess current technology architecture for vulnerabilities, weaknesses and for possible upgrades or improvement.

Implement and oversee technological upgrades, improvements, and major changes to the information security environment.

Perform routine task related to Network Detection & Response, DNS Security, and Advance Malware Protection (AMPS).

Configure integration with multiple sources which also includes other security solutions.

Monitor and manage all network traffic and look for anomalies that could indicate potential security threat.

Change Management

Support the monitoring and maintaining network security suite of tools.

Participate in efforts that tailor the company’s security policies and standards for use in cloud environments.

Provide advisory support to the team on emerging cloud security technology solutions that can assist with compliance monitoring and auditing.

Automate security controls, data and processes related to cloud to provide better metrics and operational support

Stakeholder Management

Following up with procurement and business finance teams regarding project related matters.

Vendor and principal management for various projects and tools.

Coordinating with legal team for review and finalization of SLAs and NDAs of various projects.

Coordination with cross-functional teams regarding admin related matters.

Project management and dealing with various vendors.

Cyber Security Projects

Siem

Lead project to ensure existing SIEM instance is upgraded to the latest supported platform

NDR

Analyze traffic from various sources such as logs, network flow data, etc.

XDR

Investigate and analyze malware incidents detected and determine the scope and impact of the incident activity

FIREEYE

Implement and configure FireEye NX appliances

Configuring alerts, reports, and policies for malware detection and response

Monitor FireEye NX alerts to identify and respond to potential malware threats

DNS Security

Monitor DNS traffic to detect any abnormal activity, such as DNS tunneling, domain generation algorithms (DGA), and other malicious activities

Analyze data from DNS logs and other sources to identify potential security issues

Manage DNS Security policies including response policy zones (RPZs)

Minimum 2-3 Years’ experience in cybersecurity, out of which 1 year experience in managing IT SOC and SIEM. Managing OT SOC shall be an added advantage.

A bachelor’s degree in a related technical field.

Certifications like CEH, CHFI, CISM preferred

KE provides equal employment opportunity (EEO) to all persons regardless of age, color, origin, physical or mental disability, race, religion, creed, gender, marital status, status with regard to public assistance or any other characteristic protected by federal, state or local laws.