Perform real-time security event monitoring, triage, and analysis across multiple platforms, using SIEM and EDR tools.
Analyze log and telemetry data from diverse sources (e.g., firewalls, endpoint protection, IDS/IPS, application logs) to detect and respond to potential threats.
Investigate and respond to security incidents, performing root cause analysis and supporting containment, eradication, and recovery efforts across endpoints, servers, cloud, and network environments.
Conduct proactive threat hunting using behavioral analytics, threat intelligence, and hypothesis-driven queries to detect stealthy or novel attack techniques.
Support the SOC's daily operational cadence, including participating in shift handoffs, reviewing detection effectiveness, and maintaining situational awareness of the global threat landscape.
Contribute to the development and refinement of incident response processes, detection rules, and SOC playbooks.
Collaborate with threat intelligence, engineering, and infrastructure teams to develop detection use cases and improve overall SOC effectiveness.
Help shape SOC dashboards, reports, and playbooks that enhance visibility and response across business units and geographies.
β
β
WHAT YOU BRING
3+ years of experience in a Security Operations Center, incident response team, or cyber defense role.
Hands-on experience with SIEM/SOAR platforms (e.g., Splunk, XSOAR and XSIAM) and endpoint detection solutions (e.g., CrowdStrike, SentinelOne).
Deep understanding of cybersecurity fundamentals, threat detection techniques, and attack frameworks such as MITRE ATT&CK.
Comfortable analyzing logs and events from various systems including network devices, endpoints, cloud environments, and identity providers.
Familiarity with scripting or automation (e.g., Python, PowerShell) to enhance investigation and response workflows is a plus.
Experience with workflow and ticketing tools like ServiceNow or Jira for incident documentation and coordination.
Strong written and verbal communication skills β able to clearly document findings, articulate risk, and support incident coordination across teams.
Bachelorβs degree in Computer Science, Cybersecurity, Information Security, or Cybersecurity Engineering are a plus.
One or more relevant certifications such as: CompTIA: Network+, Security+, CySA+, PenTest+, Cloud+ and Cloud Security: AWS Security Specialty, Google Professional Cloud Security Engineer and Microsoft Azure Security Engineer Associate are plus.
