The Manager SOC will oversee and mature the bank’s Security Operations Center (SOC), with a focus on threat detection, incident response, and continuous monitoring. The incumbent will lead the integration, optimization, and day-to-day operation of key security tools, including SIEM, SOAR, Database Activity Monitoring (DAM), XDR, File Integrity Monitoring (FIM), IDS/IPS, and Active Directory Monitoring. The role ensures timely detection of and response to cyber threats while maintaining compliance with State Bank of Pakistan (SBP) regulations and international best practices.
1. SOC Leadership & Operations
• Lead end-to-end SOC operations and manage a team of L1–L3 analysts.
• Ensure 24/7 security event monitoring through IBM QRadar SIEM and log aggregation from critical systems.
• Coordinate use cases, correlation rules, and dashboards aligned with MITRE ATT&CK.
• The Manager SOC may be required to work rotational shifts or cover critical shifts to maintain 24x7 security operations coverage.
2. Security Tools Management
• Administer and fine-tune SIEM for optimized event correlation and alerting.
• Oversee SOAR playbook development and integration with SIEM and incident handling processes.
• Ensure Database Activity Monitoring (DAM) coverage across databases and other sensitive data environments.
• Manage XDR for endpoint, server, and network telemetry visibility and threat detection.
• Ensure File Integrity Monitoring (FIM) is tuned so that its policy and compliance alerts are actionable.
• Operate and monitor Intrusion Detection and Prevention Systems (IDS/IPS) and respond to detected threats.
• Administer Active Directory Monitoring for identity and privilege-related event tracking and audit trail reporting.
3. Incident Response & Threat Handling
• Coordinate triage, investigation, containment, and remediation of security incidents.
• Maintain and test incident response runbooks, including roles for key bank departments (Legal, HR, Compliance).
• Use threat intelligence platforms for proactive risk awareness and mapping of adversary TTPs.
4. Compliance & Reporting
• Ensure compliance with SBP’s regulations and cyber incident reporting guidelines.
• Align SOC controls with ISO 27001 Annex A controls and PCI DSS requirements (e.g., logging, monitoring, IR).
• Maintain reporting dashboards, incident records, and threat metrics for senior management and regulators.
5. Threat Intelligence & Threat Hunting
• Integrate internal and external threat intel sources into SIEM and SOAR (e.g., Resecurity, IBM X-Force).
• Lead proactive threat hunting exercises and simulate APT scenarios using MITRE ATT&CK mapping.
• Generate actionable threat briefings, IoCs, and TTP insights relevant to the financial sector in Pakistan.
6. Process Improvement & Automation
• Continually improve SOC workflows and automate repetitive tasks using IBM SOAR.
• Review and refine alert thresholds, correlation rules, and suppression logic to reduce false positives.
• Conduct lessons learned exercises post-incident and apply insights to SOC maturity roadmap.
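The kind of correlation rule this section refers to, with a count threshold over a sliding window, suppression of a documented noisy account, a cooldown so one source does not open duplicate tickets, and the MITRE ATT&CK mapping asked for in section 1, written out as an added example. It is not code from the job posting, MMBL, or IBM QRadar/SOAR; the log format, account names, IP addresses and the svc_backup exception are constructed for illustration, and in production the same logic would live in a SIEM rule or SOAR playbook.

```python
"""Threshold correlation rule with suppression logic and ATT&CK tagging (added example).

Not code from the job posting, MMBL or IBM products. Log format, names and
addresses below are constructed; real events would come from the SIEM.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample authentication events, one per line:
#   <ISO timestamp> <event id> <account> <source ip> <outcome>
# 4625 = failed logon, 4624 = successful logon (Windows Security log ids).
SAMPLE_LOGS = """\
2024-05-01T09:00:01 4625 svc_backup 10.0.5.20 failure
2024-05-01T09:00:02 4625 svc_backup 10.0.5.20 failure
2024-05-01T09:00:03 4625 svc_backup 10.0.5.20 failure
2024-05-01T09:00:04 4625 svc_backup 10.0.5.20 failure
2024-05-01T09:00:05 4625 svc_backup 10.0.5.20 failure
2024-05-01T09:00:10 4625 a.khan 10.0.8.15 failure
2024-05-01T09:00:25 4625 a.khan 10.0.8.15 failure
2024-05-01T09:00:40 4624 a.khan 10.0.8.15 success
2024-05-01T09:01:00 4625 administrator 203.0.113.7 failure
2024-05-01T09:01:05 4625 admin 203.0.113.7 failure
2024-05-01T09:01:10 4625 root 203.0.113.7 failure
2024-05-01T09:01:15 4625 sysadmin 203.0.113.7 failure
2024-05-01T09:01:20 4625 backup 203.0.113.7 failure
2024-05-01T09:01:25 4625 svc_sql 203.0.113.7 failure
2024-05-01T09:01:30 4625 test 203.0.113.7 failure
2024-05-01T09:07:00 4625 guest 203.0.113.7 failure
2024-05-01T09:07:05 4625 oracle 203.0.113.7 failure
2024-05-01T09:07:10 4625 postgres 203.0.113.7 failure
2024-05-01T09:07:15 4625 dbadmin 203.0.113.7 failure
2024-05-01T09:07:20 4625 helpdesk 203.0.113.7 failure
"""


@dataclass
class ThresholdRule:
    name: str
    technique: str                 # MITRE ATT&CK technique the use case maps to
    event_id: str                  # event id counted by the rule
    threshold: int                 # failures within the window that raise an alert
    window: timedelta              # sliding window length
    cooldown: timedelta            # minimum gap between alerts for the same source
    suppress_users: frozenset = frozenset()    # documented noisy accounts
    suppress_sources: frozenset = frozenset()  # documented noisy hosts (scanners etc.)


@dataclass
class Alert:
    rule: str
    technique: str
    source: str
    count: int
    accounts: tuple                # distinct accounts targeted inside the window
    first_seen: datetime
    last_seen: datetime


def parse_line(line: str) -> dict:
    ts, event_id, account, source, outcome = line.split()
    return {"ts": datetime.fromisoformat(ts), "event_id": event_id,
            "account": account, "source": source, "outcome": outcome}


def run_rule(rule: ThresholdRule, events) -> tuple:
    """Return (alerts, suppressed_count) for a list of parsed events."""
    windows = defaultdict(deque)   # source ip -> (ts, account) pairs inside the window
    last_alert = {}                # source ip -> timestamp of the last alert raised
    alerts, suppressed = [], 0
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["event_id"] != rule.event_id or ev["outcome"] != "failure":
            continue
        if ev["account"] in rule.suppress_users or ev["source"] in rule.suppress_sources:
            suppressed += 1        # known exception: count it so the tuning stays visible
            continue
        src = ev["source"]
        dq = windows[src]
        dq.append((ev["ts"], ev["account"]))
        while dq and ev["ts"] - dq[0][0] > rule.window:
            dq.popleft()           # drop failures that fell out of the sliding window
        if len(dq) < rule.threshold:
            continue
        prev = last_alert.get(src)
        if prev is not None and ev["ts"] - prev < rule.cooldown:
            continue               # same source already alerted recently; no duplicate ticket
        last_alert[src] = ev["ts"]
        alerts.append(Alert(rule.name, rule.technique, src, len(dq),
                            tuple(sorted({a for _, a in dq})), dq[0][0], ev["ts"]))
    return alerts, suppressed


def evaluate(tuned: bool = True) -> tuple:
    """Run the brute-force use case over the sample log, with or without suppression."""
    rule = ThresholdRule(
        name="Multiple failed logons from one source",
        technique="T1110",                       # ATT&CK: Brute Force
        event_id="4625", threshold=5,
        window=timedelta(seconds=60), cooldown=timedelta(minutes=5),
        # svc_backup: stale credential tracked under a change ticket (constructed exception)
        suppress_users=frozenset({"svc_backup"}) if tuned else frozenset(),
    )
    events = [parse_line(l) for l in SAMPLE_LOGS.splitlines() if l.strip()]
    return run_rule(rule, events)


if __name__ == "__main__":
    alerts, suppressed = evaluate()
    print(f"{suppressed} events suppressed by documented exceptions")
    for a in alerts:
        print(f"[{a.technique}] {a.rule}: {a.source}, {a.count} failures across "
              f"{len(a.accounts)} accounts, {a.first_seen:%H:%M:%S}-{a.last_seen:%H:%M:%S}")
```

Run with `evaluate(False)` to see the untuned rule: the stale svc_backup credential produces a third alert that an analyst would close as a false positive every time it fires, which is exactly the noise the suppression entry removes while the external source spraying many accounts still alerts twice.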
7. Team Development & Stakeholder Engagement
• Train and mentor SOC analysts on tools, response tactics, and regulatory understanding.
• Coordinate Red and Purple Team exercises with the IS function or third-party partners.
• Engage with IT, Risk, and Audit teams for continuous improvement and stakeholder alignment.
Qualifications & Experience:
• Education: Bachelor’s or Master’s in Information Security, Computer Science or a related field.
• Certifications:
o Certified Ethical Hacker (CEH) (Required)
o CISM/CISA/CISSP (Preferred)
o IBM QRadar / IBM SOAR Certified Specialist (Preferred)
o GIAC Certified Incident Handler (GCIH), CompTIA CySA+, or equivalent (Preferred)
o CSA (EC-Council), or Certified Threat Intelligence Analyst (CTIA) (Preferred)
o ISO 27001 Lead Implementer/Auditor and PCI DSS awareness are a plus
• 5–7 years of overall experience in cybersecurity.
• At least 3 years in SOC operations or incident response leadership.
• Strong hands-on experience with:
o SIEM, SOAR, Database Activity Monitoring
o XDR and FIM
o IDS/IPS platforms
o Active Directory Auditing or similar identity audit solutions
o Integration and management of threat intelligence feeds
Job Locations:
Head Office
About MMBL:
Mobilink Microfinance Bank Ltd. provides banking services to over 48 million registered users, including 20+ million monthly active customers, across Pakistan. With a hybrid model that combines traditional microfinance with mobile/digital banking technologies, the bank now operates over 114 branches and 270,000 branchless banking agents and offers a USSD (GSM) based digital channel for savings, micro enterprise (MSME) loans, small housing loans, remittances, collections (utility bills and loan installments), mobile wallets, insurance, G2P, B2B and B2P payments, playing a leading role in the promotion of financial inclusion.
MMBL is committed to fostering a positive and productive workplace, and our core values reflect this focus. These values include promoting innovation and entrepreneurship, encouraging teamwork and collaboration, and prioritizing a customer-centric approach in all aspects of our business.
Why Join MMBL?
This is an opportunity for someone who is passionate about making a difference and playing a key role in driving transformative change. Our team is committed to empowering millions with the tools necessary to succeed in the digital age, and we're looking for a talented individual to join us in this endeavor.