Senior Specialist, Cybersecurity_Soc

JOB PURPOSE
Own the cyber hygiene, security monitoring coordination, access governance, and incident readiness for the VVIP terminal. The role bridges local operations with centralized Security Operations Center (SOC) monitoring, ensuring that the terminal's critical infrastructure is protected while practically balancing security protocols with the fast-paced operational realities of VIP aviation. Ensure local SOC monitoring coordination during business hours, while maintaining seamless alignment with central or outsourced SOC providers for after-hours handovers - providing continuous 24/7/365 coverage for terminal infrastructure
KEY ACCOUNTABILITIES
SOC Monitoring & Incident Response
1. Provide in-hours SOC monitoring coordination, threat response, and escalation for the VVIP terminal. Ensure seamless alignment with central or outsourced SOC providers for after-hours handovers and escalation, adhering to established operational protocols.
2. Act as the primary local liaison with central or outsourced SOC providers - Guaranteeing seamless shift handovers, context transfer, and continuous alert monitoring across operational cycles.
3. Support the complete lifecycle of security incidents including triage, containment, investigation, and reporting.
4. Conduct proactive threat hunting across terminal systems during business hours, utilizing SIEM analytics and EDR telemetry to identify potential risks.
SIEM & Log Management
1. Manage and maintain SIEM platform integration for the VVIP terminal - onboarding log sources from firewalls, servers, Active Directory/IAM, EDR, cloud services, and OT systems where feasible.
2. Develop and tune detection rules, correlation policies, and alert thresholds specific to VVIP terminal systems and aviation threat patterns.
3. Oversee and coordinate SIEM health monitoring - ensuring continuous log source connectivity, parsing accuracy, and alert pipeline integrity with a targeted uptime exceeding 99%.
4. Develop and maintain periodic security reports and dashboards for the IT Operations Manager and Central CISO - capturing incident trends, alert fatigue metrics, and overall compliance status.
Cyber Hygiene & Vulnerability Management
1. Coordinate and enforce local cyber controls, endpoint hygiene, logging, vulnerability follow-up, and patch tracking across ICT systems.
2. Maintain comprehensive cyber documentation, audit evidence, exception logs, and ensure vendors follow up on security mandates.
3. Oversee vulnerability remediation within an OT context - identifying IEC 62443 patching constraints for SDA, BMS, and building automation systems where standard maintenance cycles must be balanced against critical operational availability windows.
4. Conduct periodic vulnerability assessments and coordinate penetration testing schedules with the Central CISO and approved security vendors.
Access Governance & Security Awareness
1. Manage user access reviews, enforce privileged access controls, and execute strict joiner/mover/leaver security checks across all VVIP terminal systems.
2. Drive security awareness and embed practical cyber discipline among terminal staff and third-party vendors, and concession operators - covering phishing, social engineering, physical security, clean desk, aviation-specific threat scenarios.
3. Drive practical security governance - embedding cyber discipline into daily terminal operations through coaching, tabletop exercises, and incident simulation drills.
4. Manage third-party vendor security compliance - ensuring all contractors and service providers operating within the VVIP terminal meet minimum security requirements and sign appropriate security agreements.