The Senior SOC Engineer collaborates with cross-functional teams to build defenses, respond to incidents, and design strategies for robust cybersecurity posture.
What you will be doing:
Drive SOC workflow automation using SOAR, and oversee the full lifecycle management (deployment, tuning, operation) of core security tools like EDR aiming to increase automation coverage and consistency.
Lead Cloud Security Monitoring, including managing AWS security logs via SIEM and working with the CSPM team for proactive cloud defense.
Perform continuous Security Monitoring and Threat Detection, building custom queries and dashboards to enhance visibility across platforms.
Develop and execute Proactive Threat Hunting procedures to identify potential risks.
Enhance and coordinate the Incident Response process, working with cross-functional teams through containment, eradication, and post-incident analysis.
Collaborate with third-party vendors for managed security services and specialized tools.
What youll need?
Experience: 5+ years in SecOps/IR with hands-on threat detection and mitigation, specifically in cloud-centric, production-scale environments.
Technical Skills: Strong capability in Cloud-focused threat detection, incident response, and analysis of complex attack patterns. Skilled in writing SIEM queries/alerts with an outcome-orientation (e.g., measurable improvements in MTTD or alert fidelity).
Scripting & Automation: Knowledge of Python, SQL, or Bash for SOC automation, with practical experience building SOAR playbooks, data enrichment scripts, and Detection-as-Code solutions.
AI & LLM Security: Understanding of the AI threat landscape (including adversarial ML and OWASP Top 10 for LLMs) and exposure to securing GenAI pipelines.
Investigations: Extensive experience with end-to-end security investigations, deep knowledge of security network protocols, and familiarity with the OWASP Top 10 vulnerabilities.
Security Tools: Hands-on experience managing, configuring, and investigating security events across EDR, Firewall, SIEM, and SOAR platforms.
Core Skills: Strong problem-solving, analytical, and organizational skills. Comfort leading initiatives without direct authority, a security-first approach, and the ability to mentor SOC analysts.
Itd be cool if you also: [NOT A MUST]
Familiar with industry frameworks (ISO 27001, PCI-DSS, SOC2, NIST, etc.) and regulatory requirements.
Have one or more certifications: CRTP, OSCP, OWSP, OSDA, GCIH, GIAC, CSA, CompTIA CySA+, or other relevant certifications.
Experience with building agents and utilizing LLM\AI in day2day work
