
Deputy Director - SOC & DFIR (Cyber Security Ops)

Singapore | Posted 2 weeks ago
Full-time | onsite | director

Job Description

Role & Responsibilities

SOC Oversight and Operations

  • Lead the strategic and day-to-day operations of the in-house central SOC protecting the public healthcare sector.
  • Ensure 24/7 monitoring, alert triage, and incident response through robust processes and advanced security tooling.
  • Oversee the continuous tuning of detection rules and workflows to optimize SOC efficiency and threat coverage.
  • Track and report SOC KPIs, effectiveness, and operational readiness.

Detection Engineering

  • Develop and maintain high-fidelity detection logic and SIEM use cases to identify malicious behaviors and sector-relevant threats.
  • Work closely with IT and security architecture teams to ensure comprehensive telemetry, logging, and visibility.
  • Use threat intelligence and real-world attack patterns to refine detection mechanisms.
  • Perform validation and quality assurance of detection content to minimize false positives.

Digital Forensics & Malware Analysis

  • Oversee forensic investigations into cyber incidents, ensuring evidence integrity and alignment with legal and regulatory requirements.
  • Establish and maintain internal processes for data acquisition, analysis, and preservation of digital evidence.
  • Lead the analysis of malicious code to extract indicators of compromise (IOCs) and inform defensive strategies.
  • Coordinate with external partners for complex reverse engineering where required.

 

Sector-Wide Cyber Incident Management

  • Serve as the Incident Manager to orchestrate cyber incident response across all public healthcare institutions.
  • Maintain and test incident response plans and playbooks across the sector.
  • Ensure efficient containment, eradication, recovery, and root cause analysis of cyber incidents.
  • Conduct post-incident reviews to capture lessons learned and improve resilience.

Reporting and Stakeholder Engagement

  • Ensure timely and structured cyber incident reporting to the Healthcare Sector Lead (MOH) and CSA in accordance with the National Cyber Incident Response Framework.
  • Liaise with relevant stakeholders across public healthcare, MOHH, MOH, CSA, MHA/SPF, and other regulatory bodies during cyber incidents.
  • Provide regular updates, situational briefings, and strategic insights to public healthcare, MOHH, MOH, and national stakeholders.

 

Governance, Risk & Compliance

  • Align cybersecurity operations and incident handling practices with relevant policies, guidelines, and regulatory frameworks.
  • Support cybersecurity audits, assessments, and reporting obligations.
  • Contribute to risk management strategies and initiatives to uplift cyber posture across the sector.

Team Leadership and Capability Development

  • Build, lead, and mentor a multidisciplinary cybersecurity team including SOC analysts, detection engineers, forensics investigators, malware analysts, and incident responders.
  • Promote a culture of collaboration, technical excellence, and continuous learning.
  • Identify skill gaps and provide training and professional development pathways for team members.
  • Drive the continuous capability development of the above functions, including adoption of new tools, automation, and advanced analytics.
  • Plan, run, and/or participate in cyber range activities and sector-wide cyber exercises to validate readiness and improve response capabilities.
