Cyber Security and Threat Monitoring Specialist - SOC (m/f/d)
Halian | Managed Services, Recruitment Agency & Contract Staffing
Description
Role Purpose
The Cyber Security Operations (SOC) Specialist is responsible for monitoring the bank's security environment, performing SIEM alert triage and investigation, and coordinating incident response activities aligned with NIST SP 800-61. The role also involves producing threat intelligence reports for senior leadership, including the CISO and risk committees, to support informed decision-making and strengthen the organization's security posture.
Key Responsibilities
SIEM Monitoring & Alert Triage
- Monitor and analyze security alerts using SIEM platforms such as:
- Splunk
- Microsoft Sentinel
- IBM QRadar
- Perform alert triage, validation, and prioritization based on severity and business impact
- Investigate security events including:
- Suspicious login activities
- Malware detections
- Network anomalies
- Data exfiltration indicators
- Correlate events from multiple sources (logs, endpoints, network devices) to identify potential threats
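The triage and correlation work described above, as an added example that is not part of the job posting or of any Halian or bank tooling: constructed events from three sources (authentication, endpoint, network) are joined per user around a successful login, the indicators found are tagged with MITRE ATT&CK references, and a severity and a business-impact priority are derived. The sample events, field names, thresholds, the window size and the privileged-user list are all assumptions chosen for illustration.

```python
"""Correlating events from several log sources into one triaged finding.

Added example, not from the job posting. Sample events are constructed;
thresholds, field names and the privileged-user list are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)      # assumed correlation window around the login
FAILED_LOGIN_THRESHOLD = 5          # assumed: fewer failures is treated as user error
EXFIL_BYTES = 500_000_000           # assumed: outbound volume that earns an exfiltration flag
PRIVILEGED_USERS = {"a.lee"}        # assumed: accounts whose compromise carries high business impact

# Constructed sample events from three sources (auth, endpoint, network).
EVENTS = [
    {"ts": "2024-03-01T08:00:01", "src": "auth", "user": "j.smith", "ip": "203.0.113.5", "action": "login_failed"},
    {"ts": "2024-03-01T08:00:04", "src": "auth", "user": "j.smith", "ip": "203.0.113.5", "action": "login_failed"},
    {"ts": "2024-03-01T08:00:09", "src": "auth", "user": "j.smith", "ip": "203.0.113.5", "action": "login_failed"},
    {"ts": "2024-03-01T08:00:15", "src": "auth", "user": "j.smith", "ip": "203.0.113.5", "action": "login_failed"},
    {"ts": "2024-03-01T08:00:22", "src": "auth", "user": "j.smith", "ip": "203.0.113.5", "action": "login_failed"},
    {"ts": "2024-03-01T08:01:10", "src": "auth", "user": "j.smith", "ip": "203.0.113.5", "action": "login_success"},
    {"ts": "2024-03-01T08:05:00", "src": "endpoint", "user": "j.smith", "host": "WS-1042", "action": "malware_detected"},
    {"ts": "2024-03-01T08:20:00", "src": "network", "user": "j.smith", "host": "WS-1042",
     "action": "outbound_transfer", "bytes": 850_000_000, "dst": "198.51.100.7"},
    # Benign noise: one mistyped password, then success from the internal network.
    {"ts": "2024-03-01T09:00:00", "src": "auth", "user": "a.lee", "ip": "10.0.5.2", "action": "login_failed"},
    {"ts": "2024-03-01T09:00:30", "src": "auth", "user": "a.lee", "ip": "10.0.5.2", "action": "login_success"},
]


def _t(event):
    return datetime.fromisoformat(event["ts"])


def severity(stages):
    """Severity grows with the number of distinct ATT&CK stages seen;
    any exfiltration indicator is critical regardless of count."""
    ids = {ref for ref, _ in stages}
    if any(ref.startswith("TA0010") for ref in ids):
        return "critical"
    return {1: "low", 2: "medium"}.get(len(ids), "high")


def priority(user, stages):
    """Business impact: a privileged account is escalated one band. P1 is most urgent."""
    bands = ["low", "medium", "high", "critical"]
    idx = bands.index(severity(stages))
    if user in PRIVILEGED_USERS:
        idx = min(idx + 1, len(bands) - 1)
    return f"P{4 - idx}"


def correlate(events, window=WINDOW):
    """Return one finding per successful login that is corroborated by other
    sources inside the window; lone failures below the threshold produce nothing."""
    by_user = defaultdict(list)
    for e in sorted(events, key=_t):
        by_user[e["user"]].append(e)

    findings = []
    for user, evs in by_user.items():
        for login in (e for e in evs if e["action"] == "login_success"):
            t0 = _t(login)
            before = [e for e in evs if t0 - window <= _t(e) < t0]
            after = [e for e in evs if t0 <= _t(e) <= t0 + window]
            stages = []
            fails = [e for e in before if e["action"] == "login_failed" and e["ip"] == login["ip"]]
            if len(fails) >= FAILED_LOGIN_THRESHOLD:
                stages.append(("T1110 Brute Force", f"{len(fails)} failures then success from {login['ip']}"))
                stages.append(("T1078 Valid Accounts", f"account {user} used after guessing"))
            for e in after:
                if e["action"] == "malware_detected":
                    stages.append(("TA0002 Execution", f"endpoint detection on {e['host']}"))
                elif e["action"] == "outbound_transfer" and e["bytes"] >= EXFIL_BYTES:
                    stages.append(("TA0010 Exfiltration", f"{e['bytes']} bytes to {e['dst']}"))
            if stages:
                findings.append({"user": user, "login_ip": login["ip"], "stages": stages,
                                 "severity": severity(stages), "priority": priority(user, stages)})
    return findings


if __name__ == "__main__":
    for finding in correlate(EVENTS):
        print(finding["priority"], finding["severity"], finding["user"], finding["login_ip"])
        for ref, detail in finding["stages"]:
            print("   ", ref, "-", detail)
```

Run as-is, the sample produces a single P1/critical finding for j.smith with four stages and nothing for a.lee, which is the point of the threshold: a single mistyped password is not an alert. The ATT&CK references are illustrative labels for the stages, not an assertion about which technique the attacker used.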
Incident Response & Coordination
- Coordinate and support incident response activities in line with NIST SP 800-61 guidelines
- Perform initial containment, eradication, and recovery actions where applicable
- Work with internal teams (IT, Infrastructure, Risk) and external vendors during incident handling
- Document incidents, response actions, and lessons learned
- Ensure timely escalation of critical incidents to senior stakeholders
Threat Intelligence & Reporting
- Generate threat intelligence reports and dashboards for:
- Chief Information Security Officer (CISO)
- Risk and governance committees
- Track and report on:
- Threat trends
- Attack patterns
- Incident metrics such as mean time to acknowledge (MTTA) and mean time to resolve (MTTR)
- Leverage threat intelligence feeds to enhance detection capabilities
- Provide actionable recommendations to improve security posture
Security Operations & Continuous Improvement
- Fine-tune SIEM rules and use cases to reduce false positives and improve detection accuracy
- Participate in threat hunting activities to proactively identify hidden threats
- Support development of playbooks and runbooks for incident response
- Contribute to continuous improvement of SOC processes and controls
Compliance & Documentation
- Ensure security monitoring activities align with:
- Internal security policies
- Banking regulatory requirements
- Maintain accurate documentation of alerts, incidents, and investigations
- Support audits and compliance reporting
Qualifications & Experience
Education
- Bachelor’s degree in:
- Cybersecurity
- Information Technology
- Computer Science or related field
Experience
- 5-8+ years of experience in:
- Security Operations Center (SOC) or Cybersecurity Operations
- Hands-on experience with:
- SIEM tools (Splunk, Sentinel, QRadar)
- Incident response handling in enterprise environments
- Experience in banking or financial services is highly preferred
Technical Skills
- Strong understanding of:
- Security event analysis and log correlation
- Network protocols, endpoints, and attack vectors
- Familiarity with:
- MITRE ATT&CK framework
- Threat intelligence platforms and feeds
- Incident response frameworks (NIST SP 800-61, ISO/IEC 27035)
Soft Skills
- Strong analytical and problem-solving skills
- Ability to prioritize and respond under pressure
- Clear and concise communication skills for reporting to leadership
- Attention to detail and investigative mindset
Key Competencies
- SIEM Monitoring & Analysis
- Incident Response Coordination
- Threat Intelligence & Reporting
- Cyber Threat Analysis
- Risk Awareness & Escalation
- Stakeholder Communication
Certifications (Preferred)
- Certified SOC Analyst (CSA)
- GIAC (GCIH / GCIA)
Ideal Candidate Profile
- Hands-on SOC experience with enterprise SIEM tools
- Strong analytical mindset with investigative capabilities
- Ability