 |
Emirates connects the world to, and through, our global hub in Dubai. We operate modern, efficient and comfortable aircraft, and our culturally diverse workforce delivers award-winning services to our customers across six continents every day. |
At Emirates, we believe in connecting the world, to and through, our global hub in Dubai and in constantly innovating to ensure our customers ‘Fly Better’. Our Cyber Defence Operations team is looking to urgently hire a dynamic and experienced Lead Operational Engineer - CSOC - L3 to join our team.
Our Lead engineer is expected to manage complex cybersecurity incidents as well as escalations from security operations to investigate intrusions of all anomalous and misuse activities on hosts and networks. Additionally, they manage the critical incidents and provide deep expertise to ensure a robust security posture and protect the organisation. You will also be accountable for threat detection, identification, prevention, and reporting of cyber-attacks.
In this role, you will:
Manage critical incidents and challenges as the focal point of contact for major incidents. Coordinate with other departments during critical incidents and drive post-incident reviews and formulate preventive strategies.
Detect, identify, and respond to possible cyber-attacks, intrusions, anomalous and misuse activities as well as evaluate incident triage activities to ensure optimum incident resolution including the ownership of escalated incidents.
Analyse network traffic and system data to detect potential threats to resources and provide recommendations for remediation. Conduct analysis that encompasses defining the scope, urgency, and potential impact.
Perform correlation of security incidents and events to build threat detection and prevention capabilities, baselining network traffic and host activity across the enterprise.
Manage and document the incident throughout its cycle, including tracking and documenting incidents from initial detection through final resolution. Update the knowledge base, preventative controls, and standards operating procedures.
Executing incident trend analysis, reporting and assessing the impact on data and infrastructure as a result of cyber incidents as well as leading security operations, responding to feedback from internal IT departments, business and audit operational performance against the defined metrics and goals.
Collaborate with intelligence analysts to correlate threat assessment data and recommend methods to enhance defence capabilities as well as liaising with the content Engineering Team to identify and implement automation and service improvement programs to manage security operations efficiently.
The following are critical skills required to be successful in this role:
Mastery in conducting thorough forensic analysis to trace the origins and impacts of security incidents, employing advanced techniques to gather and analyse digital evidence.
Expertise in proactively seeking out and identifying advanced threats within the organization\'s systems, networks, and applications, employing both manual and automated hunting methodologies.
Proficiency in analysing malicious payloads to understand their functionalities, tactics, and techniques, allowing for the development of effective countermeasures and detection signatures.
Leadership skills in coordinating and managing response efforts during complex security incidents, ensuring efficient collaboration among diverse teams for resolution.
Ability to contribute to strategic cybersecurity planning, integrating threat intelligence to enhance proactive defence measures and stay ahead of evolving cyber threats.
Qualifications & Experience
To be considered for this role, you must meet the below requirements:
Qualifications:
Degree or Honours (12+3 or equivalent) Computer science, Information Systems, Engineering, Telecommunications, or other related scientific or technical disciplines.
Experience:
Minimum 5 years in Information Technology and CyberSecurity
Experience working in cross-functional and interdisciplinary teams to solve complex problems.
Experience in operating systems, networks, databases, and web application security with a focus on advanced preventative capabilities. Hands-on experience in technical analysis with a focus on cyber threats.
Experience analysing network traffic and host activities for potential attack vectors and developing mitigation strategies.
Experience in advanced technical analysis.
Experience in gathering a predictive understanding of adversarial strategies, priorities, and overlapping interests.
Experience in technical writing such as event bulletins, cyber digests, and quarterly summary reports.
Knowledge/skills:
Threat Detection and Response (CSOC): Expertise in threat intelligence and advanced threat detection.
Infrastructure Protection: Mastery over network security architecture and advanced intrusion prevention systems.
Identity: Deep understanding of identity governance and sophisticated IAM solutions.
In-depth knowledge of cyber threats and understanding of enterprise IT and Cybersecurity operational environments.
Ability to evaluate threat actors based on motivation and common TTPs
Leadership Role: Yes
Our Lead engineer is expected to manage complex cybersecurity incidents as well as escalations from security operations to investigate intrusions of all anomalous and misuse activities on hosts and networks. Additionally, they manage the critical incidents and provide deep expertise to ensure a robust security posture and protect the organisation. You will also be accountable for threat detection, identification, prevention, and reporting of cyber-attacks.
In this role, you will:
Manage critical incidents and challenges as the focal point of contact for major incidents. Coordinate with other departments during critical incidents and drive post-incident reviews and formulate preventive strategies.
Detect, identify, and respond to possible cyber-attacks, intrusions, anomalous and misuse activities as well as evaluate incident triage activities to ensure optimum incident resolution including the ownership of escalated incidents.
Analyse network traffic and system data to detect potential threats to resources and provide recommendations for remediation. Conduct analysis that encompasses defining the scope, urgency, and potential impact.
Perform correlation of security incidents and events to build threat detection and prevention capabilities, baselining network traffic and host activity across the enterprise.
Manage and document the incident throughout its cycle, including tracking and documenting incidents from initial detection through final resolution. Update the knowledge base, preventative controls, and standards operating procedures.
Executing incident trend analysis, reporting and assessing the impact on data and infrastructure as a result of cyber incidents as well as leading security operations, responding to feedback from internal IT departments, business and audit operational performance against the defined metrics and goals.
Collaborate with intelligence analysts to correlate threat assessment data and recommend methods to enhance defence capabilities as well as liaising with the content Engineering Team to identify and implement automation and service improvement programs to manage security operations efficiently.
The following are critical skills required to be successful in this role:
Mastery in conducting thorough forensic analysis to trace the origins and impacts of security incidents, employing advanced techniques to gather and analyse digital evidence.
Expertise in proactively seeking out and identifying advanced threats within the organization\'s systems, networks, and applications, employing both manual and automated hunting methodologies.
Proficiency in analysing malicious payloads to understand their functionalities, tactics, and techniques, allowing for the development of effective countermeasures and detection signatures.
Leadership skills in coordinating and managing response efforts during complex security incidents, ensuring efficient collaboration among diverse teams for resolution.
Ability to contribute to strategic cybersecurity planning, integrating threat intelligence to enhance proactive defence measures and stay ahead of evolving cyber threats.
Qualifications & Experience
To be considered for this role, you must meet the below requirements:
Qualifications:
Degree or Honours (12+3 or equivalent) Computer science, Information Systems, Engineering, Telecommunications, or other related scientific or technical disciplines.
Experience:
Minimum 5 years in Information Technology and CyberSecurity
Experience working in cross-functional and interdisciplinary teams to solve complex problems.
Experience in operating systems, networks, databases, and web application security with a focus on advanced preventative capabilities. Hands-on experience in technical analysis with a focus on cyber threats.
Experience analysing network traffic and host activities for potential attack vectors and developing mitigation strategies.
Experience in advanced technical analysis.
Experience in gathering a predictive understanding of adversarial strategies, priorities, and overlapping interests.
Experience in technical writing such as event bulletins, cyber digests, and quarterly summary reports.
Knowledge/skills:
Threat Detection and Response (CSOC): Expertise in threat intelligence and advanced threat detection.
Infrastructure Protection: Mastery over network security architecture and advanced intrusion prevention systems.
Identity: Deep understanding of identity governance and sophisticated IAM solutions.
In-depth knowledge of cyber threats and understanding of enterprise IT and Cybersecurity operational environments.
Ability to evaluate threat actors based on motivation and common TTPs
Leadership Role: Yes
