Associate SOC Analyst

Date:  23 Jun 2026

Company:  IT & Digital Solutions

Job Purpose

Responsible for monitoring and investigating security events, responding to cybersecurity incidents, and supporting threat detection and hunting activities using SIEM and EDR platforms. Assists in developing detection content, identifying monitoring gaps, optimizing alerts, and implementing SOAR automation to improve incident response effectiveness and strengthen the organization's security operations capabilities.

Key Result Responsibilities

  • Investigate, analyze, and respond to security incidents; perform deep-dive EDR analysis to identify threats, assess impact, and support containment and remediation activities.
  • Reduce Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) through effective incident handling, structured investigation workflows, and adherence to response playbooks.
  • Write, tune, and optimize detection queries and use cases to enhance threat detection and support proactive threat hunting activities.
  • Build and maintain behavior-based detections, identify detection gaps, and implement improvements to strengthen monitoring capabilities.
  • Perform alert tuning and rule optimization to reduce false positives and improve detection accuracy.
  • Conduct threat hunting activities using SIEM, EDR, and security telemetry to identify suspicious activities and emerging threats.
  • Design, implement, and maintain SOAR playbooks to automate repetitive SOC tasks and improve operational efficiency.
  • Integrate SOAR platforms with SIEM, EDR, and threat intelligence solutions to streamline end-to-end incident response processes.
  • Collaborate with SOC analysts, threat intelligence teams, and IT/infrastructure teams during incident investigation, containment, remediation, and continuous improvement initiatives.

Qualifications (Academic, training, languages)

  • Bachelor’s degree in Computer Science, Information Technology, Electronics, or a related engineering discipline.
  • Demonstrated experience writing and tuning SIEM detection rules with measurable improvement in alert fidelity
  • Incident Response, Alert Triage, Threat Hunting, Malware Analysis, Ransomware Investigation
  • KQL (mandatory), SPL or equivalent SIEM query language
  • SIEM rule creation, behavioral analytics, alert tuning, false positive reduction
  • Hands-on experience designing and implementing SOAR playbooks
  • Workflow automation for alert enrichment, and automated containment actions
  • Practical experience implementing or maintaining SOAR playbooks in a production SOC environment
  • Working knowledge of the MITRE ATT&CK framework and its application to detection coverage
  • Microsoft SC-200: Security Operations Analyst
  • CEH or equivalent incident handling certification
  • CompTIA CySA+
  • SIEM platforms: Microsoft Sentinel, Datadog, Splunk, Securonix, LogRhythm, or equivalent
  • EDR platforms: Microsoft Defender, CrowdStrike, or equivalent

Work Experience

1–2 years of hands-on experience in a SOC or security operations environment.