We are seeking a Senior Security Operations Centre Engineer / Technical Manager (L3) to lead 24x7 SOC operations for a global enterprise client. The role involves advanced incident handling, detection engineering, automation, and client engagement. The ideal candidate will drive SOC maturity, manage high-severity escalations, optimize detections, and mentor the SOC team. Responsibilities: Act as L3 escalation point for major incidents and lead advanced investigations (memory, PCAP, registry, Kubernetes runtime). Perform threat hunting and detection engineering using QRadar, CrowdStrike, Darktrace, Prisma Cloud, and XSOAR. Develop and tune correlation rules, IOAs, and playbooks (automated triage, enrichment, containment). Reduce false positives through tuning, statistical analysis, and integration with ITSM workflows. Lead client communications and executive reviews on SOC metrics (MTTD, MTTR, FP ratio, threat trends). Mentor and guide L1/L2 analysts, manage shifts, and ensure 24x7 operational continuity. Drive the SOC roadmap — playbook coverage, cloud monitoring, and detection use case enhancements. Qualifications & Skills Technical Expertise: SIEM: IBM QRadar (AQL, rule creation, parsing, dashboards) EDR: CrowdStrike Falcon (RTR, FQL, IOA/IOC tuning) NDR: Darktrace (model tuning, Antigena triage) SOAR: Cortex XSOAR (automation, integrations, Python scripting) Cloud Security: Prisma Cloud, Azure (alert tuning, misconfigurations, Intune compliance) Infra Security: Windows, Linux, MacOS, Kubernetes log analysis Certifications (Preferred): CCFA-HS / CCFR, IBM QRadar Specialist, Cortex XSOAR Specialist, GCIA/GCIH/GCFA, CKS, Azure SC-200. Soft Skills: Strong client communication, leadership, and mentoring abilities.
Wait!
Before You Leave... Find Your Perfect Job!
Are you sure you don't want to discover the perfect job opportunity? At JobPe, we help you find the best career matches, tailored to your skills and preferences. Don’t miss out on your dream job!