Security Engineer

2 years

0 Lacs

Posted: 3 days ago | Platform: LinkedIn


Work Mode

On-site

Job Type

Full Time

Job Description


Position:

Job Location:


Role Overview/Your Impact:

Senior Engineer IT Security


What does the team do?

The Security Operations Center (SOC) team plays a critical role in safeguarding an organization's IT infrastructure by actively monitoring, detecting, responding to, and mitigating cybersecurity threats in real time. This team's primary responsibility is to maintain a robust security posture, ensuring the integrity, confidentiality, and availability of systems, networks, and data.

What will you do?

  • Acknowledge, analyze, and validate incidents triggered by multiple security tools such as IDS/IPS, Web Application Firewall, firewalls, Endpoint Detection & Response tools, and events surfaced through the SIEM solution.
  • Acknowledge, analyze, and validate incidents received through other reporting mechanisms such as email, phone calls, management directions, etc.
  • Collect the logs needed to support incident containment and security investigation.
  • Escalate validated and confirmed incidents.
  • Understand the structure and meaning of logs from different log sources such as firewalls, IDS/IPS, WAF, Domain Controllers, Cloudflare, the XDR solution, Microsoft Office 365, etc.
  • Open incidents in the ticketing platform to report the alarms triggered or threats detected.
  • Track and update incidents and requests as new information arrives, and produce root cause analyses.
  • Report IT infrastructure issues to the IMS Team.
  • Work with vendors to resolve security issues.

Log Analysis and Investigation:

  • Analyze large volumes of security logs from multiple sources (e.g., network devices, firewalls, IDS/IPS, SIEM tools, etc.) to identify potential security incidents, threats, and vulnerabilities.
  • Perform in-depth investigations of suspicious activities to identify the root cause and potential impact.
  • Prioritize and escalate incidents based on severity and risk.

Incident Response:

  • Lead the investigation and resolution of security incidents, coordinating with L1 and L2 teams as necessary.
  • Provide detailed analysis and actionable intelligence to stakeholders to guide remediation efforts.
  • Track incidents through to resolution and closure, ensuring all documentation is accurate and complete.
  • Maintain incident response procedures and SOPs.

Threat Intelligence Integration:

  • Use threat intelligence feeds and other external resources to enhance log analysis and identify emerging threats.
  • Correlate internal data with external threat intelligence to identify new attack vectors and trends.

Tools & Technologies:

  • Utilize SIEM tools (e.g., LogRhythm) to perform advanced log searches, filtering, and correlation.
  • Work with other SOC tools such as ticketing systems, network monitoring solutions, email monitoring, and endpoint security tools.

Collaboration & Reporting:

  • Collaborate with SOC teams, IT teams, and management to provide detailed incident reports and security assessments.
  • Develop and maintain documentation, playbooks, and procedures to improve the efficiency of the SOC.
  • Provide mentorship and training to junior analysts (L1/L2).

Continuous Improvement:

  • Analyze and improve SOC processes, workflows, and detection methodologies to enhance overall efficiency and security posture.
  • Regularly update and review log sources, collection mechanisms, and detection rules to adapt to changing threat landscapes.
  • Perform other duties as assigned.


Required Skills & Qualifications:

Experience:

  • Minimum of 2+ years of experience in a security operations environment with a focus on log analysis, incident response, and threat detection.
  • Strong knowledge of security concepts and technologies such as firewalls, IDS/IPS, antivirus, vulnerability scanners, encryption, and network protocols.
  • Experience working with SIEM tools such as LogRhythm.

Technical Skills:

  • Strong knowledge of networking protocols (TCP/IP, HTTP, DNS, etc.) and the ability to analyze traffic and logs.
  • Advanced experience with log parsing, log correlation, and log analysis.
  • Familiarity with scripting languages (e.g., Python, PowerShell) for automating tasks and log analysis.
  • Strong understanding of the security incident response lifecycle, including containment, eradication, and recovery.

Certifications (Preferred):

  • Certified Incident Handler (GCIH)
  • Certified SOC Analyst (CSA)
  • Certified Ethical Hacker (CEH)

Soft Skills:

  • Strong analytical and problem-solving abilities.
  • Ability to work under pressure in a high-stress, fast-paced environment.
  • Strong written and verbal communication skills for preparing reports and interacting with teams across the organization.
  • Excellent attention to detail and a proactive approach to identifying and addressing security issues.


How to Apply and Interview Process

@sakon.com.


Sakon

Telecom Management

Hampstead
