Job Summary:
We are looking for a skilled and proactive Cyber Security Engineer / SOC Engineer to join our security team. This role involves real-time threat monitoring, security incident response, and management of cloud and endpoint security platforms across enterprise environments. The ideal candidate will have hands-on experience with modern SOC operations, incident remediation, and knowledge of cloud security and threat detection platforms.
Roles & Responsibilities:
● Monitor, analyze, and respond to security events and alerts using SIEM tools (e.g., Securonix, Splunk, Azure Sentinel);
● Perform incident triage, investigation, and remediation for endpoint, network, and cloud-based threats;
● Lead the end-to-end incident response process, including evidence collection, root cause analysis, containment, and recovery;
● Utilize advanced hunting techniques using KQL in Microsoft Defender XDR and Azure for proactive threat detection;
● Manage and fine-tune endpoint detection and response tools (e.g., Microsoft Defender for Endpoint, CrowdStrike);
● Conduct vulnerability assessment and remediation activities using Tenable, WSUS, and Intune;
● Collaborate with stakeholders to implement and manage Azure cloud security controls including RBAC, IAM, Defender for Cloud, and Activity Log monitoring;
● Review and manage firewall logs, alerts, and network anomalies to identify potential threats;
● Participate in security tool integrations, use case development, and alert tuning to improve detection capabilities;
● Work with ticketing systems to track, resolve, and document security incidents and operational tasks;
● Maintain security dashboards, generate executive reports, and support audits and compliance initiatives;
● Provide knowledge transfer and documentation to ensure consistent SOC procedures and practices.
Qualifications:
● Bachelor’s degree in Computer Science, Information Security, or a related field;
● 3–5 years of experience working in a SOC environment or as a Cyber Security Analyst/Engineer;
● Solid understanding of security monitoring, threat detection, and incident response processes;
● Hands-on experience with SIEM platforms such as Securonix, Azure Sentinel, or Splunk;
● Strong experience with EDR/XDR platforms like Microsoft Defender, CrowdStrike;
● Working knowledge of vulnerability management tools such as Tenable, Qualys;
● Familiarity with Azure security services: Azure AD, Defender for Cloud, Azure Monitor, Log Analytics;
● Good understanding of firewall logs, DNS traffic analysis, and network protocols;
● Proficiency in Kusto Query Language (KQL) for advanced hunting and threat detection in Defender XDR;
● Understanding of patch management processes and tools like WSUS and Intune;
● Strong analytical, problem-solving, and communication skills.
Requirements:
● Deep understanding of SOC operations, security incident lifecycle, and MITRE ATT&CK framework;
● Experience with incident response including containment, eradication, recovery, and root cause analysis;
● Knowledge of email threat analysis and tools such as Egress Defend;
● Familiarity with threat intelligence platforms and integrating threat feeds into SIEMs;
● Ability to correlate alerts from multiple sources (EDR, firewall, cloud, email) to detect sophisticated threats;
● Knowledge of Windows and Azure log sources including Entra ID logs, Defender logs, and Darktrace alerts;
● Understanding of Azure RBAC, IAM policies, and secure configuration best practices;
● Willingness to work in a 24x7 monitoring environment or in rotational shifts (if required).
Preferred Certification:
● Microsoft Certified: Security Operations Analyst Associate (SC-200)
● Microsoft Certified: Azure Security Engineer Associate (AZ-500)
● CompTIA Security+, CySA+, or equivalent