Senior Security Operations Engineer

1 day ago


Gurugram, India noon Full time

About noon

noon is the region's leading consumer commerce platform. On December 12th, 2017, noon launched its consumer platform in Saudi Arabia and the UAE, expanding to Egypt in February 2019. The noon ecosystem of services now includes marketplaces for food delivery, quick-commerce, fintech, and fashion. noon is a work in progress; we're six years in, but only 5% done.

noon's mission: every door, everyday.

What we are looking for

The Security Operations team in Noon's Cybersecurity department is looking for a talented, experienced, and enthusiastic Senior Threat Detection Engineer to help build and scale the Detection & Threat Hunting program at Noon.

The ideal candidate will be someone who has a diverse security skill set (IR, TI, SOC, etc.) and specializes in detection engineering and threat hunting. The focus area for this role will be designing and implementing advanced detection mechanisms based on known and emerging attacks and pivoting techniques.

The Sr. Threat Detection Engineer will work on proactive approaches to stay steps ahead of attackers and help build detections that identify advanced, current and emerging threats. The engineer will be responsible for the design and implementation of security intelligence and detection capabilities across our applications and networks. This role will assist in building the strategy and the team for our Detection and Threat Hunting Program. The engineer will be the focal point for the planning and execution of security investigations, the response process, and the coordination of relevant parties when an information security incident occurs.

In addition, documentation, analytical and critical thinking skills, investigation and forensics, and the ability to identify needs and take the initiative are key requirements of this position.

About the role

  • Help build and scale the Detection & Threat Hunting Program at Noon.
  • Drive improvements in detection and response capabilities, and operations for the Internal SOC/TI.
  • Write detection signatures, tune security monitoring systems/tools, and develop automation scripts and correlation rules.
  • Work closely with other Security Team members to strengthen our detection and defence mechanisms with regard to web applications, cloud and network.
  • Exhibit knowledge of the attacker lifecycle, TTPs, and indicators of compromise (IOCs), and proactively implement countermeasures to neutralize threats.
  • Identify opportunities to enhance the development and implementation of new methods for detecting attacks and malicious activities.
  • Participate as a member of the CSIRT during major incidents and contribute to post-incident review and continuous improvement.
  • Proactively hunt for anomalies to identify IOCs and derive custom Snort signatures for the IOCs.
  • Identify and manage a wide range of intelligence sources to provide a holistic view of the threat landscape (OSINT aggregation).
  • Work closely with the Red Team and Blue Team to implement custom detection of new and emerging threats, and develop monitoring use cases.
  • Coordinate red teaming activities such as table-top and adversarial simulation exercises.
  • Own all confirmed incidents. This includes publishing the Incident Report, documenting Lessons Learnt and updating the Knowledge Base.

Required Expertise:

  • Required: Senior-level experience in threat intel, detection, IR, or similar cybersecurity roles for medium to large organizations.
  • Required: Technical professional security certifications in Incident Response, Digital Forensics, Offensive Security, or Malware Analysis, such as GCIH, GCFA, GNFA, GCTI, OSCP or similar.
  • Bachelor's degree in Computing, Information Technology, Engineering or a related field, with a strong security component.
  • Hands-on experience in detection engineering, advanced cyber threat intelligence activities, intrusion detection, incident response, and security content development (e.g., signatures, rules, etc.).
  • A broad and diverse security skill set with an advanced understanding of modern network security technologies (e.g. Firewalls, Intrusion Detection/Prevention Systems, Access Control Lists, Network Segmentation, SIEMs, Auditing/Logging, Identity & Access Management solutions, DDoS protection, etc.).
  • Knowledge of at least one common scripting language (Python, Ruby, Go).
  • Experience handling and building a SOAR such as Chronicle's SOAR, Demisto, Phantom or similar tools.
  • Experience conducting and leading incident response investigations for organizations, investigating targeted threats such as Advanced Persistent Threats, Insider Threats, etc.
  • Understanding of log collection and aggregation techniques: Elasticsearch, Logstash, Kibana (ELK), Syslog-NG, Windows Event Forwarding (WEF), etc.
  • Experience with endpoint security agents (Carbon Black, CrowdStrike, etc.).

Preferred Qualifications:

  • Hands-on experience with Chronicle SIEM/SOAR and Google SecOps.
  • Expertise in threat hunting in one or more public cloud solutions such as AWS and GCP.
  • Ability to work with a team or independently with minimal direction/leadership.
  • Hands-on experience in offensive/defensive web applications security is a big plus for this role.
  • Highly motivated and self-directed with a passion for solving complex problems.
  • Establishes industry expertise through writing, speaking or online presence.

Who will excel?

  • We're looking for people with high standards, who understand that hard work matters.
  • You need to be relentlessly resourceful and operate with a deep bias for action.
  • We need people with the courage to be fiercely original.
  • noon is not for everyone; readiness to adapt, pivot, and learn is essential.

