Estarta Solutions

Security Operations Center (SOC) Engineer


Job Description

Applicants from Saudi Arabia and outside Saudi Arabia are welcome to apply. Relocation support will be provided for selected candidates who are based outside the Kingdom.

About the Role:

Estarta is looking for an experienced and highly motivated Security Operations Center (SOC) Engineer to join our cybersecurity team in Riyadh, Saudi Arabia. This role is ideal for a security professional who is passionate about cyber defense, threat detection, incident response, and security automation.

As a SOC Engineer, you will play a key role in strengthening and enhancing security operations by designing, implementing, and managing advanced security monitoring and response solutions. You will work closely with cybersecurity teams, IT operations, and stakeholders to detect, investigate, and respond to cyber threats while continuously improving security visibility, automation capabilities, and operational effectiveness.

The successful candidate will possess strong hands-on experience with SIEM, SOAR, and EDR technologies, along with a deep understanding of security operations, threat intelligence, incident response, and modern cyber defense strategies.

Key Responsibilities

Security Monitoring & Threat Detection:

  • Design, deploy, configure, and maintain Security Information and Event Management (SIEM) platforms to provide comprehensive visibility across enterprise environments.
  • Develop, tune, and optimize security use cases, correlation rules, alerts, and dashboards to improve threat detection capabilities and minimize false positives.
  • Analyze security events and logs from multiple sources to identify malicious activities, suspicious behavior, and potential security incidents.
  • Ensure continuous monitoring coverage across networks, endpoints, applications, cloud services, and security infrastructure.

Security Automation & Orchestration:

  • Design, develop, and maintain Security Orchestration, Automation, and Response (SOAR) playbooks and workflows.
  • Automate repetitive security tasks to improve SOC efficiency, accelerate incident response, and reduce manual effort.
  • Integrate SOAR platforms with security technologies, ticketing systems, threat intelligence feeds, and operational tools.
  • Continuously improve automation capabilities to enhance response times and operational effectiveness.

Endpoint Security & Incident Response:

  • Monitor, investigate, and respond to alerts generated by Endpoint Detection and Response (EDR) platforms.
  • Perform detailed incident analysis, root-cause investigations, and forensic reviews when required.
  • Support containment, eradication, and recovery activities during security incidents.
  • Collaborate with cross-functional teams to ensure timely resolution of security threats and vulnerabilities.

Threat Hunting & Security Analysis:

  • Conduct proactive threat hunting activities to identify advanced threats that may evade traditional detection mechanisms.
  • Utilize threat intelligence, Indicators of Compromise (IOCs), behavioral analytics, and MITRE ATT&CK techniques to identify malicious activity.
  • Analyze emerging threats, attack techniques, vulnerabilities, and industry trends to improve detection coverage and response readiness.
  • Recommend and implement enhancements to strengthen the organization's overall security posture.

Documentation & Continuous Improvement:

  • Develop and maintain operational documentation, including security procedures, playbooks, detection logic, incident response processes, and technical guides.
  • Contribute to SOC maturity initiatives and continuous improvement programs.
  • Participate in security reviews, assessments, and optimization projects.
  • Provide knowledge sharing and technical guidance to other team members when needed.

Required Qualifications:

  • Bachelor's degree in Cybersecurity, Computer Science, Information Security, Information Technology, or a related field.
  • Minimum of 5 years of hands-on experience in Security Operations Centers (SOC), cybersecurity operations, security engineering, or incident response environments.
  • Strong practical experience with SIEM platforms such as:
      • FortiSIEM
      • Splunk
      • IBM QRadar
      • Similar enterprise SIEM solutions
  • Proven hands-on experience with SOAR technologies, including:
      • FortiSOAR
      • Cortex XSOAR
      • Tines
      • Similar automation platforms
  • Strong experience working with EDR solutions such as:
      • FortiEDR
      • CrowdStrike
      • Carbon Black
      • Microsoft Defender for Endpoint
  • Solid understanding of:
      • Security Operations Center processes
      • Incident response methodologies
      • Threat intelligence concepts
      • MITRE ATT&CK framework
      • IOC analysis and correlation
  • Experience creating, tuning, and maintaining detection rules and security analytics using query languages and techniques such as:
      • KQL
      • Regex
      • Custom query languages
      • Log analysis techniques
  • Basic to intermediate scripting and automation skills using:
      • Python
      • PowerShell
      • Bash
  • Strong analytical, troubleshooting, and problem-solving capabilities.
  • Ability to work effectively under pressure in fast-paced security environments.
  • Excellent communication, documentation, and stakeholder management skills.

Preferred Qualifications:

  • Professional cybersecurity certifications such as:
      • CISSP
      • CEH
      • GCIH
      • GCIA
      • Security+
      • Vendor-specific security certifications
  • Experience working within large enterprise environments or Managed Security Service Providers (MSSPs).
  • Knowledge of cloud security monitoring and hybrid environments.
  • Familiarity with threat intelligence platforms and advanced threat hunting methodologies.
  • Experience integrating multiple security technologies within complex environments.

Job ID: 148679517