Security Engineer

Role & responsibilities

• Monitor, analyse, and respond to security alerts and incidents from multiple sources across the organizations infrastructure.
• Triage and prioritize alerts based on risk, relevance, and business impact to maintain focus on high-value threats.• Lead investigation response activities, coordinating with relevant teams to execute corrective actions and implement long-term remediations.• Develop, refine, and tune custom correlation logic and detection content to enhance threat visibility and reduce false positives.• Conduct proactive threat hunting to identify suspicious patterns, behaviors, or anomalies that evade traditional detections.• Perform health checks and maintenance of SOC tools and integrations to ensure continuous data flow and operational readiness.• Document and maintain investigation records, incident timelines, and post-incident reports to support transparency and lessons learned.• Collaborate with other cybersecurity and IT teams to improve detection coverage, response playbooks, and automation workflows.• Mentor and support other SOC team members, providing technical guidance, quality assurance, and on-the-job training.• Stay current on emerging threats, attacker techniques, and defensive best practices to continuously strengthen the SOCs capabilities.• Develop, update, and maintain SOC standard operating procedures (SOPs) and incident response playbooks to ensure consistent and effective handling of security events.• Work in 24x7 rotational shifts and weekend on-call support if and when required.

Preferred candidate profile

. 4-6 years of experience in security operations domain.
• Strong hands-on experience in security monitoring, alert triage, incident investigation, and response within a SOC environment.• Proven ability to analyse and respond to complex security incidents, perform root cause analysis, and drive containment and remediation actions.• Working knowledge of EDR, NDR, SOAR, and threat intelligence platforms and their integration into SOC workflows.• Experience conducting proactive threat hunting using threat intelligence, behavioural analytics, and anomaly detection techniques.• Proven expertise in designing and optimizing customized correlation rules, detection logic, and analytical reports to identify advanced threats, reduce false positives, and improve SOC efficiency.• Familiarity with security frameworks and standards (MITRE ATT&CK, NIST, ISO 27001, etc.) and their practical application in detection and response.• Foundational understanding of cloud platforms, with hands-on experience operating in cloud environments and conducting cloud-focused SOC investigations.• Demonstrated understanding of network protocols, operating systems (Windows, Linux), and common attack techniques.• Knowledge of malware analysis, phishing investigations, and vulnerability management processes.• Willingness to learn, experiment, and collaborate across teams.

Nice to Have

• Hands on experience with XDR and EDR solutions.• Exposure to automation and orchestration within the SOC (SOAR platforms, scripting, workflow automation).• Basic experience integrating devices with SOC tools and creating custom parsers• Knowledge of compliance and regulatory frameworks (ISO 27001, NIST, GDPR, HIPAA, etc.).• Certifications such as CSA, CySA+, CEH or SOC vendor certifications.