Engineer - Global Information Security

Engineer SOC Operations

Position Overview:

The Engineer SOC Operations is responsible for monitoring and overseeing the daily operations of the Security Operations Center (SOC). This role involves managing a team of security analysts, ensuring timely detection and response to security incidents, and maintaining the security posture of the organization.

Key Responsibilities:

1. SOC Management and Supervision:

• Monitoring the day-to-day operations of the SOC, ensuring effective monitoring, detection, and response to security incidents.

• Possess in-depth technical knowledge of various security controls, including the ability to craft Security Information and Event Management (SIEM) queries, understand Data Loss Prevention (DLP), Cloud Access Security Broker (CASB), Endpoint Detection and Response (EDR)/Endpoint Protection Platform (EPP), Web Application Firewall (WAF), Firewalls (FW), and conduct Network Traffic Analysis.

• Investigate the alerts from various security tools and ensure all the alerts has been investigated and taken necessary actions. Escalate to the leads, when there is a true incidents occurred.

• Investigate alerts to reduce false positives, thereby minimizing unnecessary workload and provide well-analysed whitelist suggestions and inform the shift leads for whitelisting.

1. Incident Response:

• Investigate the alert within the defined SLA and conclude, whether this needs to be escalated to SOC manager.

• Coordinate and lead the response to security incidents, ensuring proper documentation, communication, and remediation.

• Conduct post-incident analysis to identify root causes and recommend preventive measures.

• Ensure compliance with incident response protocols and regulatory requirements.

• Maintain Security Operations Center (SOC) metrics, including Mean Time to Detect (MTTD), Mean Time to Respond (MTTR), and Mean Time to Contain (MTTC), to measure and improve incident response times.

Qualifications and Skills:

• Education and Experience:

• Bachelor s degree in Computer Science , Information Technology, Cybersecurity, or a related field.

• 2 -3 years of experience in cybersecurity, with at least 2 years in a SOC environment.

• Technical Skills:

• Proficiency in security monitoring tools and technologies, such as SIEM , , EDR, and threat intelligence platforms.

• Strong understanding of network protocols, firewalls, VPNs, and other security technologies.

• Knowledge of common attack vectors, threat actors, and incident response methodologies.

• Basic knowledge on all the security tools( EDR, AV, WAF, DLP, CASB, Firewall, PAM, OS( Windows and Linux)).

• Certifications:

• Relevant industry certifications such as CEH, Security +.

• Soft Skills:

• Excellent leadership and team management skills.

• Strong analytical and problem-solving abilities.

• Effective communication skills, both written and verbal.

• Ability to work under pressure and manage multiple priorities.

• Documenting the detected incidents with all the basic details.

Working Conditions:

• This role typically operates in an office environment with 24x7 working hours , including weekend shifts.