Secops Senior Analyst

Dubai, United Arab Emirates

Job Description

The primary responsibility of a SECOPS Senior Analyst is to ensure that the Dubai Metro and Dubai Tram information and assets are protected from compromise arising from unauthorized access (confidentiality risk), unauthorized alteration of data/information (integrity risk) and denial of service (availability risk). As such, he/she ensures the protection of the IT/OT infrastructures of the Dubai Metro and Dubai Tram, whether on premise (in the data centre) or cloud based (e.g. Microsoft or Oracle cloud, Azure SaaS), as well as confidential customer/business data, by having visibility of all vulnerabilities, threats and threat sources for effective mitigation and defence before a breach occurs. This is achieved through prompt identification and detection of suspicious/malicious activities, with a corresponding treatment plan in place to mitigate the impact or occurrence of such activities. Where breaches do occur, the SECOPS Senior Analyst is primarily responsible for defending the Dubai Metro and Dubai Tram from such threats by countering the attack. The SECOPS Senior Analyst is duty bound to ensure that incidents are properly escalated and treated in line with the incident response plan/procedure.
The SECOPS Senior Analyst must have visibility of activities performed on all information assets within Dubai Metro and Dubai Tram, such as the perimeter firewall, core network devices (switches, routers, intrusion prevention systems, intrusion detection systems), virtualized infrastructure (VMware, ESXi hosts), enterprise servers (Windows, UNIX, Linux), databases, enterprise backup and storage systems, endpoints (workstations, laptops, PDAs, mobile devices), voice communication devices (VoIP) and other enterprise infrastructure. Thus, he/she must ensure that, at a minimum, the critical assets of the organization highlighted above are within his/her monitoring scope.
MAIN RESPONSIBILITIES

  • Respond to cyber threats from the Cyber Security Operations Center (CSOC), ECC or Maintenance Centre and control the impact.
  • Monitor, analyze, and interpret security/system logs for events, operational irregularities, and potential incidents, escalating issues as appropriate.
  • Implement, utilize, tune, and administer security tools such as endpoint protection, network analysis, SIEM, and other essential security solutions.
  • Provide support to remediate vulnerabilities, such as patching, implementing controls to mitigate risk, and ensuring secure configuration of systems.
  • Act as an Incident Response team member when the incident response team is active. Incident response tasks may include identification, log and event collection and analysis, forensic investigation support, communication support, and evidence handling.
  • Audit the Rail Systems to provide reports on IT/OT misuse.
  • Competent in cybersecurity threat management.
  • Follow the relevant procedures and work instructions to ensure compliance with the applicable requirements.
  • Ensure reporting (monthly, weekly) is delivered to the required standards and on time.
  • Provide security analysis and security threat hunting coaching to SECOPS Analysts.
  • Drive work vehicles when responding to emergencies and when required on duty.
  • Perform shift and emergency duties when required.
  • Perform and carry out duties as instructed/directed by the SECOPS Manager/Engineer.
  • Upgrade the virus definitions of Rail OT/IT machines.
  • Log and report on the cybersecurity posture and condition of Rail OT/IT machines.
  • Responsible for working in a 24x7 Cybersecurity Operation Centre (CSOC) environment.
  • Investigate, document, and report on information security issues and emerging trends.
  • Provide Incident Response (IR) support when analysis confirms an actionable cyber incident.
  • Respond to previously undisclosed software and hardware vulnerabilities.
KNOWLEDGE REQUIRED

  • Good technical knowledge of cybersecurity operations for operational technology, industrial control systems and information technology.
  • Understanding of database structure and queries.
  • Excellent written and verbal communication skills.
  • Good understanding of information technology and information security, including firewalls/UTM, IDS/IPS, VPNs, penetration testing, security event monitoring, and other security systems, with an emphasis on threat hunting and log analysis.
  • Good knowledge of network and security services.
  • Good knowledge of exploits, vulnerabilities and incident management.
  • Excellent scripting (PowerShell, Python, etc.) knowledge.
KEY SKILLS

  • Network traffic and log analysis.
  • Insider threat and advanced persistent threat detection.
  • Malware analysis and forensics.
  • IDS monitoring and analysis.
  • Incident management.
  • Security incident investigation, evidence gathering and expert witnessing.
  • Creation and deployment of security alert notifications.
  • Understand and operate Security Information and Event Management (SIEM), File Integrity Monitoring (FIM) and Database Activity Monitoring (DAM) tools, e.g. ArcSight, Tripwire, etc.
  • TCP/IP, computer networking, routing and switching.
  • Penetration testing and vulnerability assessment.
  • Operating systems (e.g. Windows, UNIX and Linux).
  • Network protocols and packet analysis tools.
  • Anti-virus and anti-malware, endpoint security and data loss prevention tools.
EXPERIENCE

  • Minimum 3 years of IT/OT-related Security Operations experience.
  • Extensive experience in a SOC Analyst role.

EDUCATIONAL & PROFESSIONAL QUALIFICATIONS

  • Vocational trade certificate or diploma in an Information Technology discipline or equivalent.
  • CEH, CSX, ECSA, CySA+, etc.


Job Detail

  • Job Id
    JD1411079
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Dubai, United Arab Emirates
  • Education
    Not mentioned