SOC Engineer

We are looking for a SOC Enginner that will lead the 24/7 ProActive SOC (Monitoring, Detect & Incident Response) services that are provided to our cloud-based (AWS, GCP, Azure) customers. Managing SOC Tier 1 operational in emphasis to enable the effective detection and response to cloud-oriented cyber security incidents of our customers.

The role will involve:

• As a Senior Cyber Enginner in the Security Operations Centre (SOC) function, the role provides technical leadership and strategic direction to Tier 1 cyber analyst teams.
• This role will lead and develop the SOC capability, (people, technology, and process) to support the overall Threat Monitoring and Response team.
• Manage and execute hands-on technical detection, analysis, containment, eradication, and remediation to support day-to-day SOC operations.
• Provide guidance and mentorship to improve the skill sets of analysts and ensure the delivery of high-quality analysis and work products.
• Ensure accountability and punctuality of security analysts, holding team members to the highest standards of professionalism.
• Collect and report Cybersecurity metrics to support executive-level briefings on a daily, weekly, and monthly basis.
• Establish and maintain trusted business relationships with the customer and other relevant stakeholders.
• Conduct thorough analysis and quality assurance of the team's work product to ensure accuracy and effectiveness.
• Responsibilities for managing advance (IR) Incident Response routines and escalation processing

Requirements:

• More than 4 years of relevant work experience as a SOC T1/T2 leader
• Knowledge of protecting cloud environments (AWS, GCP, Azure) and integrating them into SIEM
• Experience as a Senior Security Analyst leading a team.
• Experience with Security Operations Center, network event analysis, and/or threat analysis
• Experience working as an Incident Responder
• Knowledge of various security methodologies and technical security solutions
• Experience analyzing data from cybersecurity monitoring tools, parsing, and integrating log sources to them (Qradar, Splunk, Sentinel, Elastic, etc)
• Ability to analyze endpoint, network, and application logs.
• Experience tuning and/or configuring SIEM and vulnerability tools.
• Knowledge of common Internet protocols and applications
• Scripting experience in Linux or PowerShell preferred.