Job Summary
The SOC Analyst/Engineer designs, implements, and maintains security monitoring tools and processes to support a 24/7 Security Operations Center (SOC). This role develops detection use cases, automates workflows, fine-tunes alerts, and ensures log quality to detect and respond to threats effectively.
Responsibilities
- Design, implement, and maintain security monitoring tools and integrations supporting SOC operations
- Develop detection use cases to identify security threats across customer environments
- Automate workflows to improve SOC efficiency and incident response times
- Fine-tune alerting logic to reduce false positives and enhance threat detection accuracy
- Ensure quality and completeness of log ingestion from diverse data sources
- Support onboarding of new clients by integrating relevant data sources into security platforms
- Maintain up-to-date documentation and runbooks for SOC processes and tools
- Collaborate closely with SOC Analysts, Incident Responders, and platform owners to optimize security operations
- Monitor and support high-availability SOC platforms to ensure continuous performance and reliability
Required competencies and certifications
- Proficiency with SIEM platforms such as Splunk, ELK Stack, or ArcSight
- Strong understanding of network and system fundamentals to support security monitoring
- Ability to analyze logs and interpret security data to detect threats
- Knowledge of incident response procedures and best practices
- Ability to identify and classify security threats and anomalies accurately
- Strong attention to detail and organizational skills to maintain SOC documentation and processes
- Excellent problem-solving and analytical abilities to troubleshoot security issues
- Clear written and verbal communication skills for effective collaboration
- Ability to work effectively in a team environment
Preferred competencies and qualifications
- Security certifications such as CompTIA Security+, Certified Ethical Hacker (CEH), or a GIAC certification
- Experience with ticketing and case management systems to track incidents
- Basic scripting knowledge in Python or Bash to automate tasks
- Familiarity with malware analysis concepts to support threat investigations
- Understanding of cloud security principles and threats to enhance monitoring capabilities
- Experience with threat intelligence platforms to enrich detection use cases
- Knowledge of common attack vectors and tactics to improve security posture