SOC Analyst

Date:  21 Apr 2026

Company:  IT & Digital Solutions

Job Purpose

To support Security Operations by monitoring, detecting, analyzing, and responding to cybersecurity threats affecting the organization’s IT infrastructure, networks, and data. Focuses on incident response, SIEM-based detection engineering, SOAR implementation, and proactive threat hunting to improve detection capabilities, reduce response times, and enhance overall security operations effectiveness.

Key Result Responsibilities

  • Investigates and responds to security incidents in a timely and effective manner.
  • Performs deep-dive EDR analysis to identify threats and suspicious activities.
  • Reduces Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) through structured investigation workflows and adherence to established playbooks.
  • Writes, tunes, and optimizes detection queries for threat detection and proactive hunting.
  • Builds and maintains behavior-based detections to enhance threat visibility.
  • Identifies and remediates detection gaps to strengthen monitoring coverage.
  • Performs alert tuning to reduce false positives and improve alert accuracy.
  • Designs, implements, and maintains SOAR playbooks to automate repetitive SOC tasks.
  • Integrates SOAR with SIEM, EDR, and threat intelligence platforms to streamline the end-to-end incident response workflow.
  • Conducts threat hunts using SIEM and EDR telemetry to proactively identify potential threats.
  • Collaborates with other analysts, threat intelligence teams, and IT/infrastructure teams during incident containment and remediation.

Qualifications (Academic, training, languages)

  • Bachelor’s degree in Computer Science, Information Technology, Electronics, or a related engineering discipline.
  • Working knowledge of the MITRE ATT&CK framework and its application to detection coverage.
  • Demonstrated experience writing and tuning SIEM detection rules with measurable improvement in alert fidelity.
  • Fluent in English.
  • Hands-on experience with EDR platforms including Microsoft Defender, CrowdStrike, or equivalent.
  • Experience in incident response, alert triage, threat hunting, malware analysis, and ransomware investigation.
  • KQL (mandatory), plus SPL or an equivalent SIEM query language.
  • SIEM rule creation, behavioral analytics, alert tuning, and false-positive reduction.
  • Hands-on experience designing and implementing SOAR playbooks.
  • Workflow automation for alert enrichment and automated containment actions.
  • Hands-on experience with SIEM platforms including Microsoft Sentinel, Datadog, Splunk, Securonix, LogRhythm, or equivalent.

Work Experience

  • 2–3 years of hands-on experience in a SOC or security operations environment.
  • Practical experience implementing or maintaining SOAR playbooks in a production SOC environment.