Job Description

SECURITY OPERATIONS CENTER (SOC) SPECIALIST

MSL Ref. No. 8121

Key Responsibilities:

• Liaise between Bank and the external SOC provider.
• Monitor and evaluate SOC performance against SLAs and KPIs.
• Review and analyze security alerts, incidents, and reports, ensuring timely escalation and response.
• Provide the SOC team with crucial background on the bank's IT infrastructure and processes.
• Actively participate in incident response, contributing internal knowledge and facilitating communication.
• Collaborate with the SOC to refine security monitoring rules and incident response playbooks.
• Track and report on key SOC performance metrics and drive improvements.
• Ensure thorough documentation of security incidents and remediation.
• Stay informed on cyber threats and security trends.
• Participate in regular meetings and performance evaluations with the SOC provider.
• Assist in developing and maintaining internal security policies and procedures.

The Ideal Candidate Profile:

• Bachelor's degree in IT, Computer Science, Information Security, or a related field.
• Possess at least 5 years of professional experience in a SOC environment or with significant SOC interaction.
• Comprehensive understanding of security threats, attack methodologies, and mitigation strategies.
• Familiar with security monitoring tools, SIEM platforms, and incident management processes.
• Exceptional analytical and problem-solving skills.
• Excellent written and verbal communication and interpersonal skills.
• Demonstrated ability to work independently and collaboratively.
• Prior experience managing outsourced service providers (highly desirable).
• Relevant security certifications (CompTIA Security+, CEH, SOC Analyst) are a plus.

SECURITY GOVERNANCE & COMPLIANCE SPECIALIST

MSL Ref. No. 8122

Key Responsibilities:

• Develop and maintain security policies, standards, and procedures.
• Conduct risk assessments and proposing mitigation strategies.
• Manage internal and external security audits (PCI DSS, ISO 27001, Swift CSCF).
• Facilitate PCI DSS and ISO 27001 control implementation and maintenance.
• Create and deliver security awareness training.
• Support security governance and compliance projects.
• Monitor and adhere to security policies and standards.
• Collaborate with IT, Legal, Risk, and Compliance teams.
• Stay updated on security trends and regulations.
• Assist in developing business continuity and disaster recovery plans.

The Ideal Candidate Profile:

• Bachelor's degree in IT, Computer Science, Information Security, or related field.
• Possess at least 5 years' experience in information security governance, risk, and compliance preferably in the financial services industry.
• Strong understanding of PCI DSS and ISO 27001 standards and implementation.
• Experience in conducting risk assessments and developing risk treatment plans.
• Familiar with Sri Lankan banking sector security regulations.
• Excellent communication, presentation, and interpersonal skills.
• Strong analytical and problem-solving abilities.
• Ability to work independently and collaboratively.
• Relevant certifications (CISA, CISSP, CRISC, CISM, GSTR, GISP, ISO 27001 Lead Implementer/Auditor) are an advantage.

SECURITY ENGINEER & ASSESSMENT SPECIALIST

MSL Ref. No. 8123

Key Responsibilities:

• Conduct vulnerability assessments (automated and manual) of internal and external systems/applications.
• Plan, coordinate, and potentially execute penetration testing.
• Analyze assessment results and provide actionable remediation recommendations.
• Collaborate with IT teams to implement and verify security controls.
• Research and recommend security engineering solutions.
• Assist in developing and implementing security hardening guidelines and best practices.
• Contribute to security testing methodologies and standards.
• Stay updated on security vulnerabilities, exploits, and assessment tools.
• Collaborate on security initiatives and projects.
• Assist in security incident investigations.
• Document security assessment findings and methodologies.

The Ideal Candidate Profile:

• Bachelor's degree in IT, Computer Science, Information Security, or related field.
• Possess at least 5 years of experience in security engineering, vulnerability assessment, and penetration testing.
• Strong understanding of security vulnerabilities (OWASP Top 10, SANS Top 25) and exploitation techniques.
• Hands-on experience with vulnerability scanning tools and penetration testing frameworks.
• Familiarity with operating systems, network protocols, and application architectures.
• Scripting skills (Python, Shell) desirable.
• Excellent analytical and problem-solving skills.
• Ability to communicate technical findings effectively.
• Relevant security certifications (OSCP, CEH, GPen) are an advantage.

A remuneration package on par with industry standards will be offered to the right candidate.

Please forward your complete resume in PDF format with contact details of two non-related referees to mslrcv@sltnet.lk within 10 days of this advertisement quoting MSL Ref. No in the subject line of your e-mail.

No: 10, Gothami Road, Colombo 08.

0112015900

Similar Jobs