We are looking for an experienced Admin Activity Monitoring SME (L2) to support 24x7 security operations by monitoring, analyzing, and responding to administrative activities across enterprise environments. The role focuses on proactively detecting suspicious or high-risk actions to prevent potential cyber incidents.
Key Responsibilities
- Perform 24x7 monitoring and analysis of administrative activities across:
  - Perimeter security systems
  - Network infrastructure
  - Cloud environments
  - Applications and security tools
- Detect, investigate, and report:
  - Unauthorized or malicious administrative actions
  - High-risk activities that may lead to security incidents
- Monitor and respond to alerts including (but not limited to):
  - Privilege escalation attempts
  - Unauthorized admin logins / PIM bypass
  - Configuration and policy changes
  - Security rule creation/modification/deletion
  - Logging disablement or tampering
  - Security control bypass attempts
  - Administrative access from unusual geolocations
  - Changes during freeze periods / emergency changes
- Notify stakeholders (e.g., client/bank) of any discrepancies identified
- Ensure adherence to defined SLAs and escalation procedures
Requirements
Mandatory Skills & Experience
- At least 4 years of experience in cybersecurity operations
- Hands-on experience in log monitoring and analysis across multiple security technologies
- Experience working in similar monitoring/SOC environments
- Strong understanding of administrative activity tracking and threat detection
Preferred Skills
- Good communication and stakeholder management skills
- Experience in enterprise-scale security monitoring environments
Certifications
- Mandatory: vendor (OEM) certifications for the in-scope security technologies
- Preferred: CEH (Certified Ethical Hacker)