16 Apr 2026

Security Operations Center Engineer (SOC) at Kifiya Financial Technologies



Job Description


About the Job
Location: Addis Abeba
Department: CISO
Reports To: Head, Cyber Security
About Kifiya: Kifiya is an AI-powered financial and market infrastructure company advancing inclusive economic growth across Africa. We design and deploy risk decisioning systems, intelligent financial infrastructure, and market linkage platforms that unlock credit, insurance, payments, and capital access for MSMEs and smallholder farmers. We build the AI, data, and financial infrastructure that helps financial institutions serve hard-to-finance segments at scale.
Business Unit Description

The CISO Unit safeguards Kifiya’s enterprise systems, AI-driven financial infrastructure, data assets, internal technology stack, and digital transformation programs.

The unit ensures enterprise-wide protection, operational continuity, regulatory compliance, secure architecture design, and automation governance aligned with global best practices and financial sector standards.

Position Summary

The SOC Engineer is responsible for continuous monitoring of Kifiya’s enterprise security environment, detection of cyber threats, investigation of security incidents, and escalation of potential compromises affecting enterprise systems.

The role ensures that security telemetry across infrastructure, cloud platforms, applications, and identity systems is actively monitored and analyzed. The SOC Engineer plays a critical role in identifying suspicious activity early, supporting incident response operations, and improving detection capabilities across the organization.

Key Responsibilities

Security Monitoring and Threat Detection

  • Continuously monitor enterprise security systems for indicators of compromise.
  • Analyze alerts generated by security monitoring platforms.
  • Investigate abnormal system activity across infrastructure, applications, and identity systems.
  • Correlate security events from multiple sources to identify potential threats.
  • Maintain continuous situational awareness of enterprise security posture.

Incident Investigation and Escalation

  • Investigate potential security incidents including malware, phishing attempts, credential compromise, and system intrusion.
  • Document incident findings and escalate high-severity incidents to the Director of Cyber Security.
  • Support incident response activities by collecting and analyzing security event data.
  • Maintain detailed incident logs and investigation records.

Threat Hunting

  • Conduct proactive threat hunting activities across enterprise systems.
  • Analyze historical logs and telemetry to identify potential undetected threats.
  • Identify patterns that may indicate sophisticated cyber attacks.
  • Recommend improvements to detection rules and monitoring coverage.

Security Monitoring Platform Management

  • Operate and maintain enterprise security monitoring platforms.
  • Ensure log ingestion from infrastructure, applications, and identity systems.
  • Tune detection rules to reduce false positives and improve detection accuracy.
  • Maintain monitoring coverage across all mission-critical systems.

Phishing and Malware Investigation

  • Investigate suspected phishing attacks targeting employees.
  • Analyze malicious attachments and suspicious communications.
  • Coordinate with IT and cybersecurity teams to contain malicious activity.
  • Educate users when phishing activity is detected.

Detection Improvement and Continuous Monitoring

  • Improve threat detection capabilities through rule tuning and behavioral analysis.
  • Identify monitoring gaps and recommend improvements.
  • Ensure continuous evolution of detection capabilities as threats evolve.

Key Outputs

Security Monitoring

• Continuous monitoring coverage across enterprise systems
• Accurate detection of suspicious activity across infrastructure, applications, and identity systems

Incident Detection

• Rapid identification and escalation of cyber incidents
• Comprehensive incident investigation documentation

Threat Intelligence

• Identification of emerging threats targeting enterprise infrastructure

Monitoring Improvement

• Improved detection accuracy through tuning of monitoring systems

About You

Qualifications and Experience

• Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or related discipline.
• Minimum three to five years of experience in security operations or security monitoring roles.
• Experience working with security monitoring platforms and log analysis systems.
• Experience investigating security incidents and suspicious activity.
• Cybersecurity certifications such as Security+, CEH, or equivalent are desirable.

Core Competencies

• Security monitoring and incident detection
• Log analysis and event correlation
• Threat hunting techniques
• Incident investigation and documentation
• Security monitoring platform operation





Method of Application

Qualified Candidates Apply Through: [email protected]



