Security Operations Engineer (L3)

Hi,

Greetings from CES LTD:

Website Link : https://www.cesltd.com

Headquarted AT : Chicago ( Illinois )

Position Overview

• Lead and coordinate response efforts for critical and complex security incidents
• Perform advanced threat hunting and proactive security investigations
• Develop and implement incident response playbooks and procedures
• Conduct post-incident analysis and create detailed incident reports
• Independently manage security incidents from detection through resolution

Security Monitoring & Analysis

• Monitor, analyse, and respond to security alerts from SIEM platforms
• Perform in-depth analysis of security events across multiple security tools
• Identify false positives and tune detection rules to improve alert quality
• Analyse indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs)

Digital Forensics & Investigation

• Conduct digital forensics investigations on compromised systems
• Perform memory, disk, and network forensics analysis
• Collect, preserve, and analyse digital evidence following proper chain of custody
• Reconstruct attack timelines and document adversary behaviours

Technical Operations

• Manage and optimize SIEM infrastructure and correlation rules
• Oversee vulnerability management activities using Rapid7 InsightVM
• Monitor and respond to CrowdStrike EDR alerts and conduct endpoint investigations
• Analyse email security threats using Mimecast and Abnormal Security platforms
• Implement and manage cloud security controls across multi-cloud environments

Automation & Scripting

• Develop scripts and automation tools to improve SOC efficiency
• Create custom detection rules and automated response workflows
• Build integrations between security tools to enhance threat detection capabilities

Leadership & Mentoring

• Contribute technical expertise to SOC team initiatives and projects
• Participate in on-call rotation for after-hours security incident response
• Collaborate with cross-functional teams including IT, DevOps, and Management
• Share knowledge and best practices with the security team
• Contribute to security awareness training programs

Required QualificationsTechnical Skills

• SIEM Platforms

  : Advanced experience with SIEM solutions (Splunk, QRadar, Sentinel, or similar)

• Vulnerability Management

  : Proficiency with Rapid7 InsightVM or similar VM platforms

• Email Security

  : Experience with Mimecast, Abnormal Security, or similar email security solutions

• EDR Solutions

  : Strong knowledge of CrowdStrike Falcon platform

• Digital Forensics

  : Hands-on experience with forensic tools (EnCase, FTK, Volatility, Autopsy, or similar)

• Incident Response

  : Proven experience leading IR activities and managing security incidents independently

• Scripting & Automation

  : Proficiency in scripting languages (Python, PowerShell, Bash, or similar)

• Cloud Security

  : Experience securing cloud environments (AWS, Azure, GCP) and understanding cloud-native security tools

Knowledge & Experience

• Deep understanding of attack vectors, malware analysis, and threat intelligence
• Strong knowledge of networking protocols, operating systems (Windows, Linux) and security frameworks
• Familiarity with MITRE ATT&CK framework and threat modelling
• Understanding of compliance requirements (GDPR, PCI DSS, HIPAA, ISO 27001, or similar)
• Experience with threat intelligence platforms and threat hunting methodologies
• Knowledge of Zero Trust architecture and security best practices

Professional Requirements

• 5+ years of experience in cybersecurity with  SOC environment
• Bachelors degree in computer science, Information Security, or related field (or equivalent experience)
• Relevant certifications such as GCIH, GCIA, GCFA, CEH, OSCP, CISSP, or similar
• Strong analytical and problem-solving skills
• Excellent written and verbal communication skills
• Ability to work under pressure during security incidents
• Strong attention to detail and commitment to security excellence