Requirements
* This role requires deep expertise in SIEM platforms including Splunk, IBM QRadar, Microsoft Defender, Microsoft Sentinel, and Google Chronicle, with a strong focus on playbook development, analytical rule creation, and threat modelling
* Must be able to obtain SC Clearance or already hold SC clearance
* SIEM Expertise: Hands-on experience with at least two of the following: Splunk, IBM QRadar, Microsoft Defender for Endpoint, Microsoft Sentinel, Google Chronicle
* Strong knowledge of log formats, parsing, and normalization
* Experience with KQL, SPL, AQL, or other SIEM query languages
* Familiarity with scripting (Python, PowerShell) for automation and enrichment
* Deep understanding of threat detection, incident response, and cyber kill chain
* Familiarity with MITRE ATT&CK, NIST, and CIS frameworks
* Strong verbal and written English communication
* Strong interpersonal and presentation skills
* Strong analytical skills
* Must have a good understanding of network traffic flows and be able to distinguish normal from suspicious activity
* Must have good understanding of Vulnerability Scanning and management as well as Ethical Hacking (Penetration Testing)
* Knowledge of ITIL disciplines such as Incident, Problem and Change Management
* Ability to work with minimal levels of supervision
* Willingness to work in a job that involves 24/7 on call
* Minimum of 3 to 5 years of experience in the IT security industry, preferably working in a SOC/NOC environment
* Preferably holds a cyber security certification, e.g. ISC2 CISSP, GIAC, SC-200, Splunk Certified Admin/Power User, IBM QRadar Certified Specialist, Google Chronicle Security Engineer, etc.
* Experience with the ServiceNow Security suite
* Experience with Cloud platforms (AWS and/or Microsoft Azure)
* Excellent knowledge of Microsoft Office products, especially Excel and Word
What the job involves
* The primary function of the Senior SOC Engineer is to enhance our security operations capabilities
* You will be instrumental in building and optimizing our detection and response strategies
* Deploy, configure, and maintain SIEM platforms (Splunk, QRadar, Sentinel, Defender, Chronicle)
* Onboard and normalize log sources across cloud and on-prem environments
* Develop and optimize analytical rules for threat detection, anomaly detection, and behavioural analysis
* Design and implement incident response playbooks for various threat scenarios (e.g., phishing, lateral movement, data exfiltration)
* Integrate playbooks with SOAR platforms (e.g., Microsoft Logic Apps, XSOAR) to automate triage and response
* Continuously refine playbooks based on threat intelligence and incident feedback
* Monitor and analyse security alerts and events to identify potential threats
* Perform in-depth investigations and coordinate incident response activities
* Collaborate with threat intelligence teams to enrich detection logic
* Conduct threat modelling exercises using frameworks like MITRE ATT&CK, STRIDE, or Kill Chain
* Translate threat models into actionable detection use cases and SIEM rules
* Prioritize detection engineering efforts based on risk and business impact
* Generate reports and dashboards for stakeholders on security posture and incident trends
* Work closely with IT, DevOps, and compliance teams to ensure secure system configurations
* Provide mentorship and guidance to junior analysts and engineers
* Maintain accurate and up-to-date documentation of security procedures, incident response plans, and analysis reports
* Support the creation of monthly reporting packs as per contractual requirements
* Create and document robust event and incident management processes, Runbooks & Playbooks
* Involvement in scoping and standing up new solutions for new opportunities
* Assisting Pre-Sales team with requirements on new opportunities
* Demonstrations of SOC tools to clients
* Continual Service Improvement - Recommendations for change to address incidents or persistent events