Lead SOC Engineer (NDR and VM)

Overview

Network Detection & Response (Ndr)

• Architect and manage NDR solutions to monitor network traffic and detect malicious activity. (Like Core Light, Dark Trace, Vectra)
• Analyse network telemetry and behavioural patterns to identify threats such as lateral movement, data exfiltration, and command-and-control communications.
• Develop and fine-tune detection logic, signatures, and machine learning models to improve threat visibility.
• Integrate NDR platforms with SIEM and SOAR tools to enable automated alerting and response.
• Conduct threat hunting exercises using NDR data to proactively identify risks.
• Able to write and tune the network signature and has knowledge on Suricata and Snort rule writing.

Vulnerability Management

• Lead the end-to-end vulnerability management lifecycle: scanning, assessment, prioritization, and remediation tracking.
• Utilize tools like Qualys, Tenable, or Rapid7 to perform regular scans across endpoints, servers, cloud assets, and network devices.
• Collaborate with infrastructure and application teams to ensure timely patching and mitigation of identified vulnerabilities.
• Maintain a centralized vulnerability dashboard and generate executive-level reports with risk-based metrics.
• Ensure alignment with regulatory requirements (e.g., ISO 27001, NIST, GDPR) and internal security policies.

Security Operations & Incident Response

• Assist in Investigation and response to security incidents, leveraging NDR and vulnerability data.
• Work closely with SOC Team, threat hunting, and threat intelligence teams to contextualize alerts and improve detection capabilities.
• Stay updated with emerging threats, vulnerabilities, and security technologies.
• Participate in red/blue/purple team exercises to validate detection and response capabilities.
• Support audits, compliance assessments, and risk reviews as a subject matter expert.
• Contribute to SOC architecture strategy and implementation initiatives.
• Contribute to the development of SOC playbooks and standard operating procedures.

Characterstics

• Profound knowledge and hands-on experience with NDR tools and its architecture.
• Strong understanding of network traffic and analysis.
• Proven expertise in NDR platforms (e.g., Corelight, Vectra AI, Darktrace,) and vulnerability management tools (e.g., Qualys, Tenable, and Rapid7).
• Strong understanding of TCP/IP, DNS, HTTP/S, and other network protocols.
• Proven experiences with Vulnerability Management Service with end-to-end lifecycle.
• Proven experiences with Risk Based Prioritization with mitigation plan for Vulnerabilities.
• Experience with SIEM (Splunk, Sentinel), SOAR, and endpoint protection platforms.
• Hands on experience with writing and tuning detection signatures including Suricata and Snort.
• Proven technical capabilities in a complex, fast-paced SOC environment.
• Ability to diagnose and troubleshoot network issues related with network detections.
• Strong understanding of SOC operations, cybersecurity principles, and best practices.
• Excellent problem-solving skills and the ability to make decisions under pressure.
• Ability to collaborate effectively with a variety of team members, including interfacing with customers to resolve issues.
• High proficiency in written and verbal communication.

Skills And Certifications

• Certified Information Systems Security Professional (CISSP), OSCP, or GIAC is desirable.
• Networking certifications such as CCNA or CCNP are advantageous.
• Proven expertise in NDR platforms (e.g., Corelight, Extra Hop, Vectra AI, Darktrace,) and vulnerability management tools (e.g., Qualys, Tenable, and Rapid7).
• Vendor certifications for NDR product/s.
• Strong understanding of TCP/IP, DNS, HTTP/S, and other network protocols.
• Experience integrating vulnerability tools with ticketing systems (e.g., ServiceNow, Jira) and CMDBs.

Work Experience

• A minimum of 8 years of experience in SOC operations, with significant experience in NDR and Vulnerability Management
• Prior experience in a technical role within a SOC or similar cybersecurity environment.

Education