Senior SOC Engineer (NDR/VM)

About This Role

Overview The Senior Engineer – SOC (NDR & VM) will be a technically proficient SOC Engineer to join our Security Operations Center (SOC) team. This role focuses on deploying and managing Network Detection and Response (NDR) and Vulnerability Management tools. The ideal candidate will be hands-on, detail-oriented, and passionate about cybersecurity operations.

Responsibilities Network Detection & Response (NDR):

• Contribute to the Architecture design to deploy the NDR tool customized to the client’s environment.
• Deploy and Manage the NDR solutions to monitor network traffic and detect malicious activity. (Like Core Light, Dark Trace, Vectra)
• Analyse network telemetry and behavioural patterns to identify threats such as lateral movement, data exfiltration, and command-and-control communications.
• Develop and fine-tune detection logic, signatures, and machine learning models to improve threat visibility.
• Integrate NDR platforms with SIEM and SOAR tools to enable automated alerting and response.
• Able to write and tune the network signature and has knowledge on Suricata and Snort rule writing.

Vulnerability Management

• Deploy and Manage VM tools like Qualys, Tenable, or Rapid7 amongst others.
• End-to-end vulnerability management lifecycle: scanning, assessment, prioritization, and remediation tracking.
• Collaborate with infrastructure and application teams to ensure timely patching and mitigation of identified vulnerabilities.
• Maintain a centralized vulnerability dashboard and generate executive-level reports with risk-based metrics.
• Ensure alignment with regulatory requirements pertaining to the client industry.

Security Operations & Incident Response

• Assist in Investigation and response to security incidents, leveraging NDR and vulnerability data.
• Work closely with SOC Team, threat hunting, and threat intelligence teams to contextualize alerts and improve detection capabilities.
• Contribute to the development of SOC playbooks and standard operating procedures
• Profound knowledge and hands-on experience with NDR tools and its architecture.
• Strong understanding of network traffic and analysis.
• Proven expertise in NDR platforms (e.g., Corelight, Vectra AI, Darktrace,) and vulnerability management tools (e.g., Qualys, Tenable, and Rapid7).
• Strong understanding of TCP/IP, DNS, HTTP/S, and other network protocols.
• Proven experiences with Vulnerability Management Service with end-to-end lifecycle.
• Hands on experience with writing and tuning detection signatures including Suricata and Snort.
• Proven technical capabilities in a complex, fast-paced SOC environment.
• Ability to diagnose and troubleshoot network issues related with network detections.
• Strong understanding of SOC operations, cybersecurity principles, and best practices.

Excellent problem-solving skills and the ability to make decisions under pressure.

Qualifications

• Certified Information Systems Security Professional (CISSP), OSCP, or GIAC is desirable
• Networking certifications such as CCNA or CCNP are advantageous.
• Proven expertise in NDR platforms (e.g., Corelight, Extra Hop, Vectra AI, Darktrace,) and vulnerability management tools (e.g., Qualys, Tenable, and Rapid7).
• Vendor certifications for NDR product/s.
• Strong understanding of TCP/IP, DNS, HTTP/S, and other network protocols.
• Experience integrating vulnerability tools with ticketing systems (e.g., ServiceNow, Jira) and CMDBs.

Prior experience in a technical role within a SOC or similar cybersecurity environment.

A minimum of 5 years of experience in SOC operations, with significant experience in NDR and Vulnerability Management

Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.