Senior SOC Analyst

We are looking for a hybrid expert in cybersecurity operations and AI engineering to lead the development, customization, and operationalization of AI-powered SOC automation systems.

This role will bridge the gap between frontline SOC operations and backend AI/ML capabilities driving intelligent alert triage, threat detection, and incident response automation through tools like Intezer, Cortex XSOAR, and custom AI pipelines.

You will play a key role in both defending the organization and building the intelligent systems that scale our defenses.

Key Responsibilities

SOC & Threat Detection (Analyst Responsibilities):

• Monitor and triage security alerts using AI-assisted tooling.

• Analyze, investigate, and escalate incidents using threat intel and log data.

• Provide threat context, root cause analysis, and response recommendations.

• Fine-tune detection rules, behavioral baselines, and IOC correlations.

• Serve as SME for SOC use cases and automation requirements.
  

AI Engineering & Automation:

• Design and maintain ML models for anomaly detection, classification, and triage.

• Build automation workflows using SOAR platforms (e.g., Cortex XSOAR).

• Integrate AI models with SIEM, EDR, TIP, and other SOC data sources.

• Develop feedback loops based on SOC analyst input and incident data.

• Reduce false positives/negatives through intelligent alert enrichment.
  
  
  

Collaboration & Strategy:

• Collaborate with threat intel, IR

• Drive innovation in SOC tooling through automation and AI.

• Maintain documentation, model explainability, and audit readiness.

• Stay ahead of adversarial threats and AI misuse in cyber contexts.Qualifications

Must-Have:

• 3+ years in a SOC Analyst, Incident Responder, or Threat Hunter role.

• 2+ years developing or applying AI/ML in a cybersecurity or security automation context.

• Proficient in Python and ML libraries (Scikit-learn, PyTorch, TensorFlow).

• Experience with SIEMs (Splunk, Sentinel, QRadar), SOARs (XSOAR, TheHive), and EDRs (CrowdStrike, Defender).

• Strong grasp of MITRE ATT&CK, threat detection, and common attack vectors.

• Familiarity with APIs, REST, JSON, and integration of multiple security platforms.
  
  
  

Nice-to-Have:

• Experience with malware classification, threat intel enrichment, or sandbox analysis (e.g., Intezer, VirusTotal).

• Knowledge of adversarial ML, model hardening, or explainable AI in SOC.

• Experience with cloud-native security monitoring (AWS/GCP/Azure).

• Familiarity with MLOps, data pipelines, or model deployment in production.