Senior SOC Engineer

Overview

Senior Soc Engineer

Security Monitoring & Incident Response

• Investigate security incidents and provide advanced technical support for detection and response.
• Perform real-time monitoring across SIEM, XDR/EDR, NDR, OT, and cloud security platforms.
• Conduct root cause analysis (RCA) and document lessons learned.
• Coordinate containment, eradication, and recovery actions during incidents.
• Ensure adherence to defined SLAs and KPIs for incident handling and escalation.

Detection Engineering & Use Case Management

• Develop and tune SIEM/XDR correlation rules aligned with MITRE ATT&CK.
• Reduce false positives and enhance detection coverage.
• Implement advanced detection use cases for ransomware, insider threats, data exfiltration, and APT activity.
• Onboard log sources, develop parsers, and normalize data for improved visibility.
• Continuously review and optimize detection thresholds and logic.

Vulnerability Management

• Lead the full vulnerability management lifecycle from discovery to remediation validation.
• Correlate vulnerability data with threat intelligence and exploitability context.
• Prioritize remediation based on CVSS, business impact, and asset criticality.
• Validate remediation effectiveness through rescans and testing support.
• Prepare executive dashboards and reports on risk exposure and remediation trends.

Threat Hunting & Intelligence Integration

• Perform proactive threat hunting using hypothesis-driven methodologies.
• Integrate threat intelligence feeds into SIEM/XDR platforms.
• Track emerging TTPs and adjust detection strategies accordingly.
• Support adversary simulation and red-team validation exercises.
• Share actionable threat intelligence insights with stakeholders.

Reporting & Stakeholder Management

• Track critical and high-risk vulnerabilities and SLA breaches.
• Provide remediation and risk trend reporting.
• Maintain audit-ready documentation and compliance evidence.
• Prepare executive-level reports on threat posture and security metrics.

Requirements

• 8+ years of experience in IT security operations or information security.
• Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or related field.

Preferred Certifications

• CEH
• Microsoft SC-200
• OSCP

Required Skillset

• Hands-on experience with SIEM, XDR/EDR, NDR, SOAR, and cloud security monitoring.
• Strong knowledge of MITRE ATT&CK, threat hunting, and log correlation.
• Expertise in vulnerability management lifecycle and risk-based prioritization.
• Experience supporting SOC build, tuning, automation, and maturity improvement.
• Familiarity with ISO 27001, NIST CSF, and regulatory frameworks.
• Proficiency with tools such as Tenable, Qualys, Rapid7, Burp Suite, and Acunetix.
• Experience in incident triage, malware analysis basics, and network traffic analysis.
• Basic scripting (PowerShell, Python, KQL, SPL).
• Strong reporting, documentation, and stakeholder communication skills.