Responsibilities
- Design, implement, and manage centralised logging and monitoring solutions (SIEM/SOAR platforms).
- Maintain detection and response capabilities across EDR, WAF, IDS/IPS, and cloud-native security services.
- Develop and tune detection rules, alerts, and dashboards for actionable security insights.
- Investigate and respond to security incidents, coordinating with stakeholders on containment and remediation.
- Support perimeter security (WAF, Bot Mitigation), endpoint monitoring (CrowdStrike, Sentinel, etc.), and infrastructure telemetry.
- Automate alert enrichment, correlation, and incident response workflows to reduce manual effort.
- Support compliance and audit requirements by ensuring accurate log collection, retention, and reporting.
- Collaborate with third-party vendors and service providers to enhance monitoring and governance.
Requirements
- 2-4 years of experience with SIEM, EDR, and log management platforms (Elasticsearch, OpenSearch, Splunk, Wazuh, CrowdStrike, Sentinel, etc.).
- Experience with WAF solutions (Cloudflare, Akamai, AWS WAF) and tuning detection policies.
- Strong understanding of detection engineering, incident response, and alert triage processes.
- Experience managing security for cloud environments (AWS/GCP/Azure), including logging (e.g., CloudTrail, Security Command Centre).
- Familiarity with MITRE ATT&CK, threat hunting, and detection frameworks.
- Ability to work collaboratively with compliance, risk, and engineering teams to improve detection and monitoring coverage.
Good to Have Experience/Skills
- Experience with SOAR platforms and automation.
- Familiarity with container and Kubernetes monitoring/logging solutions.
- Hands-on experience with forensic investigation tools and techniques.
This job was posted by Vibhuti Juneja from Pluang.