Lead advanced monitoring of security events, logs, and alerts across multiple platforms (SIEM, EDR, Firewalls, Azure,..etc).
Develop and fine-tune detection use cases, correlation rules, and dashboards.
Conduct proactive threat hunting using MITRE ATT&CK and threat intelligence sources.
Incident Response & Investigation
Conduct deep-dive investigations into suspicious activities, malware infections, lateral movements, and APT-style threats across Endpoints, Network, Linux and Windows servers, performing root cause analysis (RCA) to identify underlying vulnerabilities and recommend remediation actions.
Lead containment, eradication, and recovery efforts for high-severity incidents.
Conduct forensic analysis of compromised endpoints, servers, and network devices.
Threat Intelligence & Analysis
Correlate threat intel with internal and external telemetry to detect emerging threats.
Provide recommendations to strengthen detection and response based on global threat trends.
Share intelligence reports with leadership and stakeholders.
SOC Operations & Process Improvement
Mentor and train SOC analysts (L1/L2) to improve technical and analytical skills.
Develop playbooks, runbooks, and escalation procedures for effective incident handling.
Collaborate with IT, Cloud, and GRC teams to ensure compliance with security standards.
Governance, Risk & Compliance Support
Ensure SOC processes align with regulatory requirements and industry best practices.
Support audit, compliance, and reporting activities with accurate incident records and metrics.
Job Requirements
Qualifications & Experience
Education: Bachelor's degree in computer science, Cybersecurity, Information Security, or related field.
Experience: (4.5 - 6.5) years in cybersecurity, with at least 3 years in SOC or DFIR leadership roles.
Technical Expertise:
Hands-on experience with SIEM platforms (Splunk, QRadar, ArcSight).
Strong knowledge of EDR, Proxy, Firewalls, IPS, DLP, and cloud-native security tools.
Experience with malware analysis, digital forensics, and reverse engineering.
Familiarity with scripting/automation (Python, PowerShell, Bash).
Frameworks & Standards:
Deep understanding of MITRE ATT&CK, Cyber Kill Chain, Diamond Model.
Knowledge of regulatory frameworks (GDPR, PCI-DSS, HIPAA, NCA).
Professional Certifications (preferred):
GCIA, GMON, GSOM, GCIH, GCFA.
Strong analytical and problem-solving skills.
Ability to work under pressure in high-severity incidents.
Excellent written and verbal communication for both technical and executive audiences.
Leadership and mentoring capabilities for SOC teams.
Strong collaboration with cross-functional IT and business units.
