Job Description:
Security Monitoring & Incident Response:
- Perform the investigation and response to complex and high-severity security incidents across network, endpoint, cloud, and application environments.
- Perform deep-dive analysis of alerts, logs, and telemetry to determine root cause, impact, and remediation actions.
- Coordinate incident response activities across internal teams and external stakeholders, including escalation to management when required.
- Ensure incidents are handled in accordance with defined SLAs, playbooks, and regulatory requirements.
Threat Detection & Use Case Management:
- Tune and optimize SIEM detection rules to reduce false positives and improve detection efficacy.
Continuous Improvement & SOC Maturity:
- Contribute to the development and refinement of SOC processes, runbooks, and playbooks.
- Identify opportunities to improve SOC efficiency through automation, SOAR, and AI-driven capabilities.
Leadership & Mentorship:
- Provide guidance and mentoring to junior analysts.
- Act as an escalation point for complex investigations and technical challenges.
- Support knowledge sharing, training, and continuous skills development within the SOC team.
Requirements:
Technical Skills:
- Strong hands-on experience with SIEM platforms such as Splunk, Elasticsearch, Microsoft Sentinel, or Google SecOps
- Solid understanding of network, endpoint, identity, and cloud security concepts.
- Experience analyzing logs from firewalls, EDR, IDS/IPS, cloud platforms, and operating systems.
- Familiarity with incident response methodologies and digital forensics fundamentals.
Experience:
- 3-5 years of experience in cyber security operations, SOC, or incident response roles.
- Proven experience handling medium to high severity security incidents independently.
- Experience working in regulated environments (e.g. financial services, government, healthcare) is an advantage.
Soft Skills:
- Strong analytical and problem-solving skills.
- Calm and structured approach when handling incidents under pressure.
- Strong sense of ownership, accountability, and attention to detail.
Preferred / Nice-to-Have:
- Experience with SOAR platforms and security automation.
- Cloud security experience (AWS, Azure, GCP).
- Scripting or query skills (e.g. SPL, KQL, SQL, Python).
- Experience in SOC transformation or SIEM migration projects.
Certifications (Preferred):
- GCIA, GCIH, GCED.
- Elastic, Google SecOps, Microsoft Sentinel, or vendor-specific SIEM certifications.
Top 3 must-have skills:
- Elasticsearch is a must.
- Hands-on security monitoring experience with SIEM platforms, preferably Elastic Stack (ELK).
- Experience analyzing logs from firewalls, EDR, IDS/IPS, cloud platforms, and operating systems.
- Understanding of network, endpoint, identity, and cloud security concepts.