Senior SOC Engineer (NDR/VM)

Overview

Network Detection & Response (Ndr)

• Contribute to the Architecture design to deploy the NDR tool customized to the client’s environment.
• Deploy and Manage the NDR solutions to monitor network traffic and detect malicious activity. (Like Core Light, Dark Trace, Vectra)
• Analyse network telemetry and behavioural patterns to identify threats such as lateral movement, data exfiltration, and command-and-control communications.
• Develop and fine-tune detection logic, signatures, and machine learning models to improve threat visibility.
• Integrate NDR platforms with SIEM and SOAR tools to enable automated alerting and response.
• Able to write and tune the network signature and has knowledge on Suricata and Snort rule writing.

Vulnerability Management

• Deploy and Manage VM tools like Qualys, Tenable, or Rapid7 amongst others.
• End-to-end vulnerability management lifecycle: scanning, assessment, prioritization, and remediation tracking.
• Collaborate with infrastructure and application teams to ensure timely patching and mitigation of identified vulnerabilities.
• Maintain a centralized vulnerability dashboard and generate executive-level reports with risk-based metrics.
• Ensure alignment with regulatory requirements pertaining to the client industry.

Security Operations & Incident Response

• Assist in Investigation and response to security incidents, leveraging NDR and vulnerability data.
• Work closely with SOC Team, threat hunting, and threat intelligence teams to contextualize alerts and improve detection capabilities.
• Contribute to the development of SOC playbooks and standard operating procedures
• Profound knowledge and hands-on experience with NDR tools and its architecture.
• Strong understanding of network traffic and analysis.
• Proven expertise in NDR platforms (e.g., Corelight, Vectra AI, Darktrace,) and vulnerability management tools (e.g., Qualys, Tenable, and Rapid7).
• Strong understanding of TCP/IP, DNS, HTTP/S, and other network protocols.
• Proven experiences with Vulnerability Management Service with end-to-end lifecycle.
• Hands on experience with writing and tuning detection signatures including Suricata and Snort.
• Proven technical capabilities in a complex, fast-paced SOC environment.
• Ability to diagnose and troubleshoot network issues related with network detections.
• Strong understanding of SOC operations, cybersecurity principles, and best practices.
• Excellent problem-solving skills and the ability to make decisions under pressure.

Qualifications

• Certified Information Systems Security Professional (CISSP), OSCP, or GIAC is desirable
• Networking certifications such as CCNA or CCNP are advantageous.
• Proven expertise in NDR platforms (e.g., Corelight, Extra Hop, Vectra AI, Darktrace,) and vulnerability management tools (e.g., Qualys, Tenable, and Rapid7).
• Vendor certifications for NDR product/s.
• Strong understanding of TCP/IP, DNS, HTTP/S, and other network protocols.
• Experience integrating vulnerability tools with ticketing systems (e.g., ServiceNow, Jira) and CMDBs.
• Prior experience in a technical role within a SOC or similar cybersecurity environment.
• A minimum of 5 years of experience in SOC operations, with significant experience in NDR and Vulnerability Management
• Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.