- Bachelor’s degree.

- 3-8 years of experience of working in Security operations and Incident response.

- Hands-on experience with Hunter SIEM platform.

- Hands-on experience with SentinelOne and Microsoft Defender (EDR/XDR).

- Experience in creating detection rules, correlation logic, log onboarding, and SIEM content

management.

- Strong understanding of networking concepts and protocols including TCP/IP, DNS, HTTP/S,

SMTP, VPN, and firewall technologies

- Prior experience detecting, analyzing, and responding to security incidents.

- Demonstrated ability to analyze and correlate information from a wide variety of enterprise

technologies.

- Knowledge of MITRE ATT&CK framework and experience mapping security detections and

incidents to ATT&CK tactics and techniques a plus.

- Familiarity with cloud security monitoring and threat intelligence concepts.

- Strong experience working on scanning tool like Rapid 7.

- Ability to work in a 24x7 rotational SOC environment and handle high-severity incidents.

- Good communication and documentation skills.

RESPONSIBILITIES:

- Provide 24x7 monitoring, detection, triage, investigation, and incident response activities as

part of the Security Operations Center.

- Monitor and analyze security events and alerts across multiple technologies to identify

suspicious and malicious activities.

- Monitor and manage security technologies including Hunter SIEM, SentinelOne, Microsoft

Defender, IDS/IPS, vulnerability scanners (Rapid 7), and related security monitoring tools.

- Conduct proactive threat hunting activities to identify potential threats and indicators of

compromise.

- Investigate security alerts and incidents, determine root cause, and support containment,

remediation, and recovery activities.

- Identify successful and unsuccessful intrusion attempts through event correlation and analysis

across various security platforms.

- Ensure timely escalation and proper hand-off of security incidents for remediation and

closure.

- Develop, maintain, and optimize SIEM use cases, detection rules, filters, and alert

configurations to improve visibility and reduce false positives.

- Onboard and manage log sources and ensure proper log collection and monitoring within the

SIEM platform.

- Monitor SIEM platform health, log ingestion status, and availability of security monitoring

tools.

- Manage and track security incidents and tickets in accordance with defined SLAs.

- Support incident response activities and maintain complete documentation throughout the

incident lifecycle.

- Collaborate with internal teams, application owners, and external vendors to support security

initiatives and projects.

- Participate in shift handover activities to ensure continuity in 24x7 SOC operations.

- Continuously identify and implement opportunities for security process improvement and

enhancement of the organization’s security posture.