Lead / Principal Technical Cyber Engineer

Brief Summary

Join a dynamic team as a Security Operations Center (SOC) Tech Lead, where you'll spearhead the enhancement and optimization of security monitoring capabilities while mentoring analysts to foster a culture of continuous improvement.

Responsibilities

• Lead the architecture and optimization of core SOC platforms, including SIEM, SOAR, and threat intelligence tools. Design and oversee data ingestion processes, ensuring log sources are parsed and enriched for analysis. Develop and maintain detection rules and threat scenarios against SIEM and EDR platforms. Define fidelity standards for alerts, tuning rules to reduce false positives while ensuring true positive detection. Drive the creation of SOAR playbooks for incident triage and escalation, establishing engineering standards for playbook functionality. Conduct post-incident reviews to identify gaps in detection and reinforce monitoring methods. Mentor analysts on detection engineering and advanced investigation techniques. Track key metrics, including detection coverage, alert conversion rates, and automation performance.

Requirements

• Bachelor's degree in Computer Science, Computer Engineering, Data Science, or a related technical field. Minimum of 5 years experience in cybersecurity, including at least 3 years in detection engineering or SOC roles. Proficiency in Microsoft Sentinel and experience with KQL knowledge of SIGMA rules is a plus. Familiarity with security technologies like CrowdStrike Falcon, and experience integrating tools into existing IT infrastructures. Knowledge of cloud security services within Azure and AWS, with skills in onboarding cloud-native log sources. Experience developing automation scripts using Python and/or PowerShell. Strong analytical and problem-solving skills with attention to accuracy in detection logic. Relevant certifications such as Microsoft Certified, GIAC Certified Detection Analyst, or any ISACA certification are preferred.