Job Description
Design, implement, and maintain SOC platforms, including SIEM (e.g., Microsoft Sentinel, Splunk), SOAR, and security monitoring tools
Build and optimize log ingestion pipelines, ensuring data quality, normalization, and efficient processing
Develop and manage detection use cases aligned with threat intelligence and MITRE ATT&CK methodologies
Conduct threat modeling for applications, cloud environments, and infrastructure to identify risks and monitoring gaps
Translate threat scenarios into detection logic, telemetry requirements, and automated response workflows
Design and implement SOAR playbooks for alert triage, incident response, and escalation workflows
Provide advanced (Tier 3) support during major incidents and contribute to root cause analysis and remediation
Collaborate with cross-functional teams to enhance security visibility, detection coverage, and response effectiveness
Required Qualifications
Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field
Hands-on experience with SIEM platforms such as Microsoft Sentinel, Splunk, or Elastic
Strong knowledge of detection engineering and log analysis across cloud, endpoint, and network environments
Experience with threat modeling frameworks (e.g., STRIDE, MITRE ATT&CK) and security operations workflows
Familiarity with SOAR tools and automation scripting (e.g., Python, PowerShell)
Understanding of cloud security and modern enterprise architectures
Strong problem-solving, analytical, and communication skills
Preferred Qualifications (Optional)
Experience with EDR/XDR, NDR, CSPM, or identity security tools
Knowledge of DevSecOps practices and CI/CD security integration
Industry certifications such as CISSP, GCIA, GCIH, or equivalent
Experience supporting incident response and digital forensics investigations
