Senior Security Operations Engineer - Detection

About noon
noon, the region's leading consumer commerce platform. On December 12th, 2017, noon launched its consumer platform in Saudi Arabia and the UAE, expanding to Egypt in February 2019. The noon ecosystem of services now includes marketplaces for food delivery, quick-commerce, fintech, and fashion. noon is a work in progress; we're six years in, but only 5% done.

noon's mission: every door, everyday.

What we are looking for
Noon's Cybersecurity department, Security operations team is looking for a talented, experienced, and enthusiastic Senior Threat Detection Engineer to help build and scale the Detection & Threat Hunting program at Noon.

The ideal candidate will be someone who has diverse security skill-set (IR, TI, SOC..) and specialized in detecting engineering and threat hunting. The focus area for this role will be on designing and implementing advanced detection mechanisms based on known/emerging attacks and pivoting techniques.

The Sr. Threat Detection will be working on proactive approaches to advance steps ahead of attackers and help in building detection to identify advanced, current and emerging threats. He will be responsible for the design and implementation of security intelligence and detection capabilities across our applications and networks. This role will be assisting in building the strategy and the team for our Detection and Threat Hunting Program.

He will be the focal point for the planning and execution of security investigation, response process and coordination of relevant parties when an information security incident occurs.

In addition, documentation, analytical and critical thinking skills, investigation and forensics, and the ability to identify needs and take the initiative are key requirements of this position.

About the role
Help build and scale the Detection & Threat hunting Program at Noon
Drive improvements in detection and response capabilities, and operations for the Internal SOC/TI
Write detection signatures, tune security monitoring systems/ tools, develop automation scripts and correlation rules.
Work closely with other Security Team members to strengthen our detection and defence mechanisms in regards to, Web applications, Cloud and Network.
Exhibit knowledge of attacker lifecycle, TTPs, indicators of compromise (IOCs), and proactively implementing countermeasures to neutralize the threats.
Identifies opportunities to enhance the development and implementation of new methods for detecting attacks and malicious activities.
Participate as a member of the CSIRT during major incidents and lend contributions to post-Incident review and continuous improvement
Proactive threat hunting of anomalies to identify IOCs and derive custom snort signatures for the IOCs
Identifying and managing a wide range of intelligence sources to provide a holistic view of the threat landscape. (OSINT aggregation)
Work closely with the Red Team and Blue Team to implement custom detection of new and emerging threats, and develop monitoring use cases.
Coordinate in red teaming activities such as table-top and adversarial simulation exercises.
Responsible for owning all confirmed incidents. This includes publishing Incident Report, documenting Lessons Learnt and updating Knowledge Base.

Required Expertise:

Required:

Senior level experience in a threat intel, detection, IR, or similar cybersecurity roles for medium to large organizations.

Required:

Technical professional security certifications in Incident Response, Digital Forensics, Offensive Security, or Malware Analysis, such as GCIH, GCFA, GNFA, GCTI, OSCP or similar
Bachelor's degree in Computing, Information Technology, Engineering or a related field, with a strong security component.
Hands-on experience in detection engineering, advanced cyber threat intelligence activities, intrusion detection, incident response, and security content development (e.g., signatures, rules, etc.)
A broad and diverse security skill-set with an advanced understanding of modern network security technologies (e.g. Firewalls, Intrusion Detection/Prevention Systems, Access Control Lists, Network Segmentation, SIEMs, Auditing/Logging and Identity & Access Management…