
Expert Engineer/Security Operation Centre

e& UAE · Abu Dhabi, UAE · 1 week ago · Mid-Senior · Full-time
Linux
Via LinkedIn

About This Role

Job Description

Responsible for incident response efforts, host-level investigations, comprehensive forensic investigations, proactive threat hunting across the network and systems, and remediation of security incidents.

Responsibilities

  • Monitor and analyze threat intelligence feeds, security blogs, and industry news to stay informed on emerging threats and vulnerabilities.
  • Conduct forensic investigations for cybersecurity incidents, including data breaches, advanced persistent threats (APT), ransomware, and insider threats.
  • Utilize forensic tools and techniques to collect and analyze evidence, ensuring secure evidence handling and chain of custody for compliance with legal and regulatory standards.
  • Conduct in-depth analysis of security events from multiple sources, such as SIEM, IDS/IPS, firewall logs, endpoint detection tools, and network traffic data.
  • Develop and execute advanced threat-hunting queries and custom searches to detect malicious activities that may evade standard detection systems and improve detection rules.
  • Conduct host-based forensic analyses across various platforms, including Windows, Linux, macOS, and mobile devices.
  • Conduct network-based forensics using platforms such as NDR tools and Security Onion.
  • Conduct initial malware analysis to assess potential risks.
  • Proactively hunt for threats in the organization’s network by identifying Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) used by adversaries.
  • Build and refine threat-hunting playbooks and runbooks to standardize and enhance threat-hunting operations.
  • Communicate findings through detailed, high-quality reports and presentations to security teams, management, and relevant stakeholders.
  • Experience with forensic tools such as FTK, EnCase, Oxygen, Cellebrite, etc.
  • Develop remediation strategies for compromised environments.
  • Develop custom scripts to automate security log analysis.
  • Conduct cloud incident response across Azure & AWS.
  • Utilize the MITRE ATT&CK framework to map detected threats and enhance threat-hunting capabilities.
  • Ensure timely closure of incidents in compliance with SLA requirements.

Qualifications

Mandatory

  • Bachelor’s degree in Cybersecurity, Computer Science, or related field (or equivalent work experience)
  • Investigation background cannot be limited to EDR and SIEM tools; exposure to host-level investigations is required.
  • Hands-on experience with Windows and Linux environments; able to read and explain Windows and Linux logs effectively.
  • Strong hands-on experience with Incident Response and Digital Forensics.
  • Practical Investigation experience (end-to-end case handling or evidence processing exposure).
  • Experience with Docker or Kubernetes.
  • DFIR-related certifications.
  • Possess relevant SANS certifications, and preferably have experience working with SIEM platforms such as Microsoft Sentinel and Splunk.
  • Ability to write and execute complex queries using KQL (Kusto Query Language).
  • SANS GCFA, GCFE & GCIH.
  • Minimum 6 years of experience in digital forensics, incident response, or threat hunting.
  • Expertise in Digital Forensics, Incident Response, and Threat Hunting.

Preferred

  • Strong knowledge of forensic tools such as EnCase, FTK, Oxygen, Cellebrite, Volatility, and other forensics analysis tools.
  • Experience with cloud forensics for platforms such as AWS & Microsoft Azure.
  • Skilled in scripting (e.g., Python, PowerShell) for automation of forensics and incident response tasks.
  • Knowledge of the MITRE ATT&CK framework for categorizing and responding to adversarial techniques.
  • Ability to communicate complex technical findings effectively to both technical and non-technical audiences.
  • Strong analytical and problem-solving skills, with attention to detail and accuracy.
  • Self-driven and able to work effectively in high-stress situations, handling multiple incidents simultaneously.
  • Demonstrated ability to work both independently and collaboratively within a team.