Cyber Security CSOC Specialist

Job Purpose

Monitor and respond to alerts that are triggered on security devices to protect the Barakah Nuclear Power Plant
(BNPP) computing network. Provide first line analytical assessment within the Barakah Nuclear Power Plant facilities
whilst triaging alerts to determine whether they are malicious in nature or benign. Escalate malicious alerts to the second
line team for further technical investigative work.

Key Activities, Responsibility & Accountability

Activity: Cyber Security Operations Centre Monitoring and Analysis
Responsibilities and Accountabilities:

• Monitor Cyber Security events from various sources, including, but not limited to, Security Information and Event Management systems, Intrusion Detection Systems/ Intrusion Prevention Systems network monitoring tools and log files analysis, check for potential issues to ensure that potential malicious activities are mitigated or prevented.
• Triage Alerts that are triggered by the Security Information and Event Management systems before they are raised to Tier-2 analysts to ensure that that Tier-2 analysts have enough information to further investigate events.
• Investigate indicator of compromise in log management and security controls received by external and third-party advisories to ensure emerging threats are detected.

Activity: Alerts Investigation
Responsibilities and Accountabilities:

• Perform an initial investigation and correlation of events triggered in the Security Information and Event Management systems and other tools within the Cyber Security Operations Centre to identify possible security threats to the environment.
• Identify non-malicious false alerts and work with other stakeholders to exclude them from being triggered in the
• future.
• Asses and/or escalate the alerts raised by the tooling within in the time set by the applicable Service-Level Agreement (SLA).

Activity: Security Triage
Responsibilities and Accountabilities:

• Extract artefacts of interest from log data and examine them, recording all relevant information in a Security Incident ticket to make sure that the Tier-2 analyst has all the information to efficiently and effectively assess the potential incident.
• Escalate alerts raised by the Security Information and Event Management systems, into potential Incidents, to Tier-2 analysts for confirmation

Responsibilities & Accountabilities (contd.)

Activity: Assets and Process Monitoring
Responsibilities and Accountabilities:

• Periodically check to ensure that the Critical Digital Assets (CDAs) and the plant operations network are properly monitored by checking the lists of CDAs against the actual assets that are sending logs to the Security Information and Event Management systems.
• Ensure that the security monitoring systems are properly functioning, and that the data shown by them is accurate by following up the events that are triggered by the system if an asset did not send applicable logs for a predefined period.Activity:

Health and Safety, Security, and Business Continuity
Responsibilities and Accountabilities:

• All individuals take personal responsibility for safety; follow company HSE policies, procedures and instructions; avoid complacency and continuously challenge existing conditions and activities in order to identify discrepancies that might result in error or in appropriate action; report any situation that could present a hazard; not intentionally or recklessly interfere with or misuse anything provided at the workplace in the interest of health, safety, welfare or protection or management of the environment.
• Follow all relevant Security policies, processes, procedures and instructions to ensure security compliance in all aspects of work, by applying them on self, others and Corporate assets.
• Follow all relevant Business Continuity and Resilience requirements for compliance with, and adherence to, policies, procedures and instructions related to the effective planning for, and response to, incidents and/or business disruptions in order to continue critical business processes and activities with minimal adverse impact.

Professional Certifications

Qualifications

Bachelor's degree in Engineering or related Science

Experience

2 years of relevant experience, or equivalent as stated in the Job