Improves the effectiveness and efficiency of the Security Operations Center (SOC) by leading initiatives that enhance security orchestration, automation, and response ( SOAR ).
Develop and maintain standard operating procedures (SOPs) and runbooks for incident detection, analysis, and response processes.
Monitors log and event output from multiple information security tools including but not limited to SIEMs, firewalls, intrusion prevention systems, secure web gateways, security email gateways, threat intelligence platforms, antivirus products, vulnerability scanners and user behavior analytics platforms.
Train/Coach security awareness training and exercises to educate SOC L1 on best practices for cybersecurity hygiene and incident response.
Performs routine but critical information security technology tasks including but not limited to IPS signature review and testing, firewall rule change requests, antivirus product exceptions and policy changes, SIEM rule tuning .
Leads security investigations and responds according to established incident management procedures. This includes taking ownership and leadership in security incident response procedures and planning.
Contributes to the information security policy changes as determined by information security team leadership.
Leads security related projects as determined by information security team leadership. This includes representing the information security team on cross functional initiatives as required.
Acts as a technical resource during internal and external audit engagements and is responsible for gathering security related technical evidence as required
Stay up-to-date on the latest cybersecurity threats, vulnerabilities, and attack techniques, and proactively recommend measures to enhance our security posture.
Flexible working hours may require scheduled work on weekends and/or holidays
Minimum Qualifications
4-6 years of experience working in a 24x7 security operations center (SOC) as a Senior security analyst and/or L2 SOC Analyst
Excellent analytical and problem-solving skills, with the ability to quickly identify and respond to security incidents, analyze complex security issues and develop effective solutions.
Functional knowledge of MITRE ATT&CK framework and other cybersecurity methodologies
Proficiency in using SIEM tools (e.g., Splunk, ELK Stack, ArcSight, Rapid7 ) for log management, event correlation, and threat detection.
In-depth knowledge of cyber security technologies, including firewalls, IDS/IPS, EDR, BYOD, SIEM, endpoint protection.
Strong communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams across different time zones
Preferred Qualifications
Bachelor's degree in Computer Science, Cyber Security, or STEM field
Relevant certifications (e.g., Security+, CEH, CISSP, GCIA, SSCP) are a plus.
Proven experience in security operations, incident response, vulnerability management or a related field.
Demonstrated experience in network security, server security, endpoint security, web security etc.
Ability to work in a fast-paced environment and manage multiple tasks simultaneously.
Programming and threat hunting capabilities are also preferred.