Job Purpose
To support Security Operations by monitoring, detecting, analyzing, and responding to cybersecurity threats affecting the organization's IT infrastructure, networks, and data. Focuses on incident response, SIEM-based detection engineering, SOAR implementation, and proactive threat hunting to improve detection capabilities, reduce response times, and enhance overall security operations effectiveness.
Key Result Responsibilities
- Investigates and responds to security incidents in a timely and effective manner.
- Performs deep-dive EDR analysis to identify threats and suspicious activities.
- Reduces Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) through structured investigation workflows and adherence to established playbooks.
- Writes, tunes, and optimizes detection queries for threat detection and proactive hunting.
- Builds and maintains behavior-based detections to enhance threat visibility.
- Identifies and remediates detection gaps to strengthen monitoring coverage.
Key Result Responsibilities-Continued
- Performs alert tuning to reduce false positives and improve alert accuracy.
- Designs, implements, and maintains SOAR playbooks to automate repetitive SOC tasks.
- Integrates SOAR with SIEM, EDR, and threat intelligence platforms to streamline the end-to-end incident response workflow.
- Conducts threat hunts using SIEM and EDR telemetry to proactively identify potential threats.
- Collaborates with other analysts, threat intelligence teams, and IT/infrastructure teams during incident containment and remediation.
Qualifications (Academic, Training, Languages)
- Bachelor's degree in Computer Science, Information Technology, Electronics, or a related engineering discipline.
- Working knowledge of the MITRE ATT&CK framework and its application to detection coverage.
- Demonstrated experience writing and tuning SIEM detection rules with measurable improvement in alert fidelity.
- Fluent in English Language.
- Hands-on experience with EDR platforms including Microsoft Defender, CrowdStrike, or equivalent.
- Incident Response, Alert Triage, Threat Hunting, Malware Analysis, Ransomware Investigation.
- KQL (mandatory), SPL or equivalent SIEM query language.
- SIEM rule creation, behavioral analytics, alert tuning, false positive reduction.
- Hands-on experience designing and implementing SOAR playbooks.
- Workflow automation for alert enrichment and automated containment actions.
- Hands-on experience with SIEM platforms including Microsoft Sentinel, Datadog, Splunk, Securonix, LogRhythm, or equivalent.
Work Experience
- With 2–3 years of hands-on experience in a SOC or security operations environment
- Practical experience implementing or maintaining SOAR playbooks in a production SOC environment.
