Role Purpose
The Cyber Security Operations (SOC) Specialist is responsible for monitoring the bank’s security environment, performing SIEM alert triage and investigation, and coordinating incident response activities aligned with NIST SP 800-61. The role also involves producing threat intelligence reports for senior leadership, including the CISO and risk committees, to support informed decision-making and strengthen the organization’s security posture.
Key Responsibilities
SIEM Monitoring & Alert Triage
- Monitor and analyze security alerts using SIEM platforms such as:
- Splunk
- Microsoft Sentinel
- IBM QRadar
- Perform alert triage, validation, and prioritization based on severity and business impact
- Investigate security events including:
- Suspicious login activities
- Malware detections
- Network anomalies
- Data exfiltration indicators
- Correlate events from multiple sources (logs, endpoints, network devices) to identify potential threats
Incident Response & Coordination
- Coordinate and support incident response activities in line with NIST SP 800-61 guidelines
- Perform initial containment, eradication, and recovery actions where applicable
- Work with internal teams (IT, Infrastructure, Risk) and external vendors during incident handling
- Document incidents, response actions, and lessons learned
- Ensure timely escalation of critical incidents to senior stakeholders
Threat Intelligence & Reporting
- Generate threat intelligence reports and dashboards for:
- Chief Information Security Officer (CISO)
- Risk and governance committees
- Track and report on:
- Threat trends
- Attack patterns
- Incident metrics (MTTR, MTTA, etc.)
- Leverage threat intelligence feeds to enhance detection capabilities
- Provide actionable recommendations to improve security posture
Security Operations & Continuous Improvement
- Fine-tune SIEM rules and use cases to reduce false positives and improve detection accuracy
- Participate in threat hunting activities to proactively identify hidden threats
- Support development of playbooks and runbooks for incident response
- Contribute to continuous improvement of SOC processes and controls
Compliance & Documentation
- Ensure security monitoring activities align with:
- Internal security policies
- Banking regulatory requirements
- Maintain accurate documentation of alerts, incidents, and investigations
- Support audits and compliance reporting
Qualifications & Experience
Education
- Bachelor’s degree in:
- Cybersecurity
- Information Technology
- Computer Science or related field
Experience
- 5-8+ years of experience in:
- Security Operations Center (SOC) or Cybersecurity Operations
- Hands-on experience with:
- SIEM tools (Splunk, Sentinel, QRadar)
- Incident response handling in enterprise environments
- Experience in banking or financial services is highly preferred
Technical Skills
- Strong understanding of:
- Security event analysis and log correlation
- Network protocols, endpoints, and attack vectors
- Familiarity with:
- MITRE ATT&CK framework
- Threat intelligence platforms and feeds
- Incident response frameworks (NIST, ISO 27035)
Soft Skills
- Strong analytical and problem-solving skills
- Ability to prioritize and respond under pressure
- Clear and concise communication skills for reporting to leadership
- Attention to detail and investigative mindset
Key Competencies
- SIEM Monitoring & Analysis
- Incident Response Coordination
- Threat Intelligence & Reporting
- Cyber Threat Analysis
- Risk Awareness & Escalation
- Stakeholder Communication
Certifications (Preferred)
- Certified SOC Analyst (CSA)
- GIAC (GCIH / GCIA)
Ideal Candidate Profile
- Hands-on SOC experience with enterprise SIEM tools
- Strong analytical mindset with investigative capabilities
- Ability to clearly communicate technical findings to non-technical stakeholders
- Experience working in regulated environments such as banking or financial services
