Cybersecurity Engineer – Managed XDR (mXDR)

Overview

Cybersecurity Engineer – Managed XDR (mXDR)

Candidate-

Must

Must

Must

Must

Must

Role Overview

Security Monitoring & Incident Management

• Act as the single point of contact (SPOC) for all security operations at the client site
• Monitor security alerts and incidents escalated from SOC
• Perform L1/L2 triage and validation of security events
• Coordinate incident response activities with SOC, IT, and business teams
• Ensure timely closure of incidents in line with SLA commitments

Use Case & Detection Engineering

• Fine-tune SIEM/XDR detection rules based on client environment
• Support onboarding of new log sources and telemetry
• Reduce false positives and improve detection accuracy
• Assist in developing custom use cases aligned to threat scenarios

Reporting & Governance

• Prepare and present daily, weekly, and monthly security reports
• Conduct incident review meetings with stakeholders
• Track KPIs and SLAs for SOC performance
• Maintain documentation of incidents, runbooks, and processes

Stakeholder Engagement

• Interface with client IT, network, and application teams
• Provide advisory on security best practices
• Support audits, compliance requirements, and governance reviews
• Act as a trusted security advisor for operational matters

Threat Intelligence & Proactive Security

• Leverage threat intelligence feeds to identify emerging threats
• Support threat hunting activities in coordination with SOC
• Recommend improvements in security posture and controls

Continuous Improvement

• Identify gaps in detection coverage and recommend improvements
• Support automation initiatives (SOAR playbooks)
• Enhance operational maturity of SOC processes

Required Skills & Experience

• Hands-on experience with:
• + SIEM platforms (e.g., Microsoft Sentinel, Splunk, QRadar)
• + XDR/EDR tools (e.g., Microsoft Defender, CrowdStrike)
• Strong understanding of:
• + Security operations & incident response lifecycle
• + Log analysis and correlation
• + Network security, endpoints, and identity security
• Knowledge of:
• + MITRE ATT&CK framework
• + Threat intelligence concepts
• + Basic scripting (PowerShell / Python preferred)

Experience

• 3–7 years in SOC / Security Operations / Incident Response
• Experience working in Managed Security Services (MSSP) environment preferred
• Prior experience in onsite client-facing role is highly desirable
• Certifications (Good to have)

• Microsoft SC-200 (Sentinel / Security Operations)

• CISSP / CISM (good to have)

Soft Skills

• Strong communication and stakeholder management skills
• Ability to work in high-pressure environments
• Analytical thinking and problem-solving ability
• Customer-focused mindset

Working Model

• Full-time onsite at client location
• Coordination with offshore SOC (24x7 support model)
• Participation in incident bridge calls (if required)

Key Success Metrics

• SLA adherence (incident response & closure)
• Reduction in false positives
• Improved detection coverage
• Stakeholder satisfaction
• Audit and compliance readiness

Skills