Job Description
We are seeking a technical SOC Specialist with 3-5 years experience to drive high-level
incident response and threat detection within our 24/7 Security Operations Center. This role is responsible for the full incident lifecyclefrom initial triage and traffic analysis to host recovery and remediation. The ideal candidate combines deep knowledge of
Windows/Linux environments with the ability to design automated
SOAR playbooks that enhance our defensive posture.
Responsibilities
Incident Management & Response
- Real-Time Monitoring: Provide continuous 24/7 oversight of security events and alerts.
- Triage & Prioritization: Manage and categorize alerts from SIEM, Anti-DDoS, and other security solutions based on urgency and risk.
- Incident Response Operations: Lead technical response activities, including host triage, containment, and recovery.
- Remediation & Analysis: Conduct remote system analysis and implement remediation efforts using strong correlation skills.
- Lifecycle Management: Maintain the full incident response lifecycle and ensure all actions adhere to established SLAs (Service Level Agreements).
Security Automation & Intelligence
- SOAR Optimization: Identify opportunities for automation in manual workflows and design automated playbooks and modules in the SOAR platform.
- Threat Analysis: Apply a detailed understanding of the MITRE ATT&CK Framework to identify and map attacker techniques.
- Threat Intelligence: Analyze global threat landscapes, including cyber threat intelligence, new vulnerabilities, and exploit code to stay ahead of adversaries.
- Vulnerability Assessment: Study vulnerabilities and provide technical recommendations for corrective actions and reporting.
Technical Expertise & Maintenance
- Platform Mastery: Maintain deep knowledge of Security Technologies, Operating Systems (Windows & Linux), and deep-packet analysis tools like Wireshark.
- Log Analysis: Utilize extensive experience in log correlation and analysis to detect and investigate suspicious patterns.
- Incident Documentation: Ensure all findings, communication, and mitigation steps are thoroughly recorded in the ticketing system.
Qualifications
BSc in Computer Science, Electrical/Computer/Software Engineering.
Mandatory: SIEM Based Trainings, FortiSOAR Training
Preferred: GCIH Certified, Incident Handler Training, Linux+, Security+, CCNA, CCNA Security, FortiSOAR Certification
- Thorough experience in Security Operations Center environment.
- Experience in handling Cyber Security Incidents.
- Experience with SIEM technologies such as ArcSight, Microsoft Sentinel, etc. and Threat Intelligence Platform.
- Expertise in gauging automation potential in SOC manual processes/workflows and designing their transformation into automated SOC/IR playbooks and Modules within FortiSOAR.
- Understanding the global threat landscape by analyzing cyber threat intelligence.
- Extensive experience in Incident Response activities and skilled in Log Analysis.
- Ability to write and execute complex queries using KQL (Kusto Query Language)
- Experience with Anti-DDoS solutions, preferably at a Service Provider level.
- Monitoring experience of security tools like SIEM, Anti-DDoS, IPS, EDR, firewalls, and MFA systems.
- Flexible to work in shifts and willing to assist team overtime if needed.
- Awareness of Security best practices and concepts.
- Comfortable with high tech work environment, and constant learning of new tools and innovations
- Good analytical, technical, written, and verbal communication skills
- Strong team player, Ability to multi-task in a fast paced and demanding work environment
- Highly result oriented and able to work with less guidance
- Sound understanding of common network services (Web, Mail, FTP, DNS etc.), network vulnerabilities and network attack patterns.
- Hold analytical and research-oriented mindset driven by situational awareness.
