Our client is recognized for its innovation, cutting-edge technology, and strong commitment to security, integrity, and employee development. You'll be joining a collaborative global environment where continuous improvement, learning, and career growth are supported and encouraged.
Responsibilities:
- Lead advanced investigations on escalated security incidents, analyzing logs across firewalls, network devices, web proxies, IDS/IPS, AV and EDR platforms.
- Perform root cause, scope, and impact analysis; develop containment and remediation steps; document findings throughout the incident lifecycle.
- Guide and mentor CSOC Analysts to improve triage quality and event handling.
- Tune and optimize SIEM and EDR tools to reduce false positives and enhance detection accuracy.
- Conduct proactive threat hunting and leverage threat intelligence to identify suspicious activity and emerging threats.
- Support forensic and malware analysis activities as needed.
- Prepare incident reports and communicate findings to management and stakeholders.
- Contribute to the development and enhancement of incident response playbooks, procedures, and SOC processes.
- Collaborate with infrastructure and security teams to address vulnerabilities and strengthen security controls.
- Participate in post-incident reviews to identify gaps and drive continuous improvement.
- Serve as a technical escalation point for complex or high-severity incidents.
Skills & Competencies:
- Strong understanding of core network protocols (TCP/IP, DNS, FTP, etc.) and network traffic analysis.
- Proficient in packet capture and analysis tools (e.g., Wireshark) and NetFlow analysis.
- Hands-on experience with SIEM platforms (Splunk, QRadar, ArcSight) and EDR solutions.
- Solid working knowledge of Windows, Linux, and UNIX environments.
- Experience using threat intelligence platforms and applying intel to proactive detection.
- Familiarity with exploit techniques, common vulnerabilities, and attack vectors.
- Strong understanding of the incident response lifecycle, digital forensics, and malware analysis fundamentals.
- Scripting or automation capability (e.g., Python, PowerShell) to enhance detection or workflow efficiency.
- Strong analytical, communication, and problem-solving skills; ability to handle multiple priorities effectively.
Requirements:
- 3-5 years in cybersecurity or IT, including a minimum of 2 years in SOC or Incident Response.
- Degree in Computer Science, Information Security, or equivalent experience.
- At least one relevant certification (Security+, CEH, GSEC, or equivalent).