Cyber Security Analyst L2

Doha Tax Free · Full-time · External
Negotiable
Responsibilities
• Perform advanced monitoring, analysis, and investigation of security alerts and incidents.
• Act as an escalation point for complex incidents and support L1/L2 analysts.
• Lead incident response activities including containment, eradication, recovery, and root cause analysis.
• Conduct threat hunting by analyzing logs, network traffic, and endpoint behavior.
• Fine-tune SIEM use cases, detection rules, and alerts to improve threat visibility.
• Coordinate with IT, network, application, and cloud teams for remediation activities.
• Support vulnerability management and risk assessment initiatives.
• Assist in security audits, compliance activities, and regulatory requirements.
• Prepare detailed incident reports, dashboards, and metrics for management.
• Stay updated on emerging threats, vulnerabilities, and attack techniques.

Requirements
• 5+ years of experience in cybersecurity operations or SOC roles.
• Strong understanding of cyber threats, attack vectors, and the MITRE ATT&CK framework.
• Hands-on experience with SIEM platforms (Splunk, QRadar, Sentinel, ArcSight).
• Experience with EDR/XDR, email security, and network security tools.
• Strong knowledge of Windows and Linux operating systems.
• Good understanding of networking fundamentals (TCP/IP, DNS, HTTP/S).
• Experience in incident response, basic malware analysis, and log analysis.

Preferred Skills
• Experience with cloud security monitoring (AWS, Azure, GCP).
• Exposure to SOAR tools and security automation.
• Basic scripting skills (Python, PowerShell).
• Experience mentoring junior analysts.

Preferred Certifications
• CEH, CySA+, or Security+
• CISSP (preferred but not mandatory)
• GIAC certifications (added advantage)