About Role You would be part of the Cyber Security – Security Operations Center (SOC) team with an operational lead role to detect, prevent, and respond to cyber-attacks. This isa hands-on technical cyber security role with expertise in Security Operations Center and incident response and in the areas of endpoint security, application security, network security or Cloud security. Role and Responsibilities

• Must be able to lead a 24x7 team of SOC Analysts and Senior Analysts. Also you must be able to participate in rotation on call schedule.
• Must be able to work collaboratively with Incident Response and Cyber Security Testing teams. Having the ability to work outside of normal working hours as required due to critical incidents or emergency calls, will be essential to success in this role
• Developing Sentinel analytics rules, incidents, playbooks, notebooks, workbooks, threat hunting and developing KQL queries for data normalization and parsing capabilities within Log Analytics' data ingestion pipeline.
• Proactively hunting threats in the environment, identifying new risk, and developing methods to proactively address threats
• Implementation of the technical controls and configurations on the security solutions and appliances in lines with the Security Incident Response procedures laid down by the Manager Cyber Security.
• Develop Cyber Security Incident Response Plan, Procedures, tactical incident response procedures and other related documentation. Also continuously update the cyber security incident response plan and procedures.
• Assist the Senior Manager and Manager Cyber Security in the analysis of security breaches to identify the root cause and also to implement preventive measures.
• Perform log event analysis by correlating data from various log sources for threat detection.
• Provide support to Incident Response activities for collecting evidences and in monitoring of mitigation steps.

Qualifications

• Bachelor Degree holder with m inimum 8 years of relevant experience in Cyber Security Operations
• 2+ years of experience working with Azure Sentinel and Azure Log Analytics
• Highly proficient with Azure Sentinel and Azure Log Analytics; focusing primarily on SIEM (security information and event manager) and SOAR (security orchestration automated response) use case development and data collection utilizing the Azure Sentinel and Azure Log Analytics toolsets.
• Strong understanding of Cloud Security and Networking Concepts and practices. Possess expert knowledge of a Security Operations Centre (SOC) - Operations
• Possess knowledge on log management, logs generated by various applications or appliances of IT infrastructure for SIEM event correlation.
• Expert knowledge or possessing any of the MS Certifications AZ-900 and SC-200 / AZ-500 is preferable.
• Ability to define various SIEM use cases based on IT environment for better detection of anomalies
• Expert knowledge on SIEM tools MS Azure Sentinel for quick adaptation to the QR SOC monitoring activities.
• Expert knowledge on Defender for Endpoint and Servers for effective incident response actions.

• All internal candidates can only have three active applications at any point in time.
• All internal candidates must have completed a minimum 10 months in their current role in order to apply for a new role
• All internal candidates with an active final warning letter will be automatically disqualified from the recruitment process
• If you are Cabin Crew or Deck Crew (Qatar Airways & Qatar Executive) candidate, you would require NOC to apply for this role.